From b226c03277ae43ffd88a1c4e6fbdb5fa0692170d Mon Sep 17 00:00:00 2001
From: Tulir Asokan <tulir@maunium.net>
Date: Sat, 17 Jan 2026 00:55:16 +0200
Subject: [PATCH] crypto: add length check to hacky megolm message index parser

---
 crypto/encryptmegolm.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/crypto/encryptmegolm.go b/crypto/encryptmegolm.go
index 8ce70ca0..806a227d 100644
--- a/crypto/encryptmegolm.go
+++ b/crypto/encryptmegolm.go
@@ -91,11 +91,16 @@ func IsShareError(err error) bool {
 }
 
 func ParseMegolmMessageIndex(ciphertext []byte) (uint, error) {
+	if len(ciphertext) == 0 {
+		return 0, fmt.Errorf("empty ciphertext")
+	}
 	decoded := make([]byte, base64.RawStdEncoding.DecodedLen(len(ciphertext)))
 	var err error
 	_, err = base64.RawStdEncoding.Decode(decoded, ciphertext)
 	if err != nil {
 		return 0, err
+	} else if len(decoded) < 2+binary.MaxVarintLen64 {
+		return 0, fmt.Errorf("decoded ciphertext too short: %d bytes", len(decoded))
 	} else if decoded[0] != 3 || decoded[1] != 8 {
 		return 0, fmt.Errorf("unexpected initial bytes %d and %d", decoded[0], decoded[1])
 	}