google · VoltVoks · May 21, 2026
@@ -4421,14 +4421,24 @@ bool Definition::DeserializeAttributes(
 /* DESERIALIZATION                                                      */
 /************************************************************************/
 bool Parser::Deserialize(const uint8_t* buf, const size_t size) {
+  if (!buf) return false;
+
   flatbuffers::Verifier verifier(reinterpret_cast<const uint8_t*>(buf), size);
+  const size_t file_identifier_offset = sizeof(flatbuffers::uoffset_t);
+  const size_t size_prefixed_file_identifier_offset =
+      2 * sizeof(flatbuffers::uoffset_t);
+  const bool has_schema_identifier =
+      size >= file_identifier_offset + flatbuffers::kFileIdentifierLength &&
+      reflection::SchemaBufferHasIdentifier(buf);
+  const bool has_size_prefixed_schema_identifier =
+      size >= size_prefixed_file_identifier_offset +
+                  flatbuffers::kFileIdentifierLength &&
+      flatbuffers::BufferHasIdentifier(buf, reflection::SchemaIdentifier(),
+                                       true);
   bool size_prefixed = false;
-  if (!reflection::SchemaBufferHasIdentifier(buf)) {
-    if (!flatbuffers::BufferHasIdentifier(buf, reflection::SchemaIdentifier(),
-                                          true))
-      return false;
-    else
-      size_prefixed = true;
+  if (!has_schema_identifier) {
+    if (!has_size_prefixed_schema_identifier) return false;
+    size_prefixed = true;
   }
   auto verify_fn = size_prefixed
                        ? &reflection::VerifySizePrefixedSchemaBuffer<false>

@@ -1171,6 +1171,24 @@ void TestEmbeddedBinarySchema(const std::string& tests_data_path) {
 }
 #endif
 
+void TestDeserializeRejectsShortBinarySchemaBuffers() {
+  flatbuffers::Parser null_parser;
+  TEST_EQ(false, null_parser.Deserialize(nullptr, 0));
+  TEST_EQ(false,
+          null_parser.Deserialize(
+              nullptr, sizeof(flatbuffers::uoffset_t) +
+                           flatbuffers::kFileIdentifierLength));
+
+  const size_t size_prefixed_identifier_size =
+      2 * sizeof(flatbuffers::uoffset_t) + flatbuffers::kFileIdentifierLength;
+  for (size_t size = 1; size < size_prefixed_identifier_size; size++) {
+    std::string buf(size, 'x');
+    flatbuffers::Parser parser;
+    TEST_EQ(false, parser.Deserialize(
+                       reinterpret_cast<const uint8_t*>(buf.data()), size));
+  }
+}
+
 template <typename T>
 void EmbeddedSchemaAccessByType() {
   // Get the binary schema from the Type itself.
@@ -1765,6 +1783,7 @@ int FlatBufferTests(const std::string& tests_data_path) {
   MiniReflectFixedLengthArrayTest();
 
   SizePrefixedTest();
+  TestDeserializeRejectsShortBinarySchemaBuffers();
 
   AlignmentTest();