1 files changed, 25 insertions, 4 deletions

diff --git a/src/olm.cpp b/src/olm.cpp
index efb1dfe..f3ce2ae 100644
--- a/src/olm.cpp
+++ b/src/olm.cpp
@@ -151,7 +151,7 @@ std::size_t b64_input(
     return raw_length;
 }
 
-const char * errors[9] {
+const char * errors[11] {
     "SUCCESS",
     "NOT_ENOUGH_RANDOM",
     "OUTPUT_BUFFER_TOO_SMALL",
@@ -161,6 +161,8 @@ const char * errors[9] {
     "BAD_MESSAGE_KEY_ID",
     "INVALID_BASE64",
     "BAD_ACCOUNT_KEY",
+    "UNKNOWN_PICKLE_VERSION",
+    "CORRUPTED_PICKLE",
 };
 
 } // namespace
@@ -282,7 +284,16 @@ size_t olm_unpickle_account(
         return std::size_t(-1);
     }
     std::uint8_t * const end = pos + raw_length;
-    unpickle(pos, end, object);
+    /* On success unpickle will return (pos + raw_length). If unpickling
+     * terminates too soon then it will return a pointer before
+     * (pos + raw_length). On error unpickle will return (pos + raw_length + 1).
+     */
+    if (end != unpickle(pos, end + 1, object)) {
+        if (object.last_error == olm::ErrorCode::SUCCESS) {
+            object.last_error = olm::ErrorCode::CORRUPTED_PICKLE;
+        }
+        return std::size_t(-1);
+    }
     return pickled_length;
 }
 
@@ -300,8 +311,18 @@ size_t olm_unpickle_session(
     if (raw_length == std::size_t(-1)) {
         return std::size_t(-1);
     }
-    std::uint8_t * const end = pos + raw_length;
-    unpickle(pos, end, object);
+
+    std::uint8_t * const end = pos + raw_length + 1;
+    /* On success unpickle will return (pos + raw_length). If unpickling
+     * terminates too soon then it will return a pointer before
+     * (pos + raw_length). On error unpickle will return (pos + raw_length + 1).
+     */
+    if (end != unpickle(pos, end + 1, object)) {
+        if (object.last_error == olm::ErrorCode::SUCCESS) {
+            object.last_error = olm::ErrorCode::CORRUPTED_PICKLE;
+        }
+        return std::size_t(-1);
+    }
     return pickled_length;
 }