From 6bf3dd10c11d737481d134954361c0dd433917ba Mon Sep 17 00:00:00 2001
From: John Preston <johnprestonmail@gmail.com>
Date: Fri, 13 Mar 2020 12:07:05 +0400
Subject: [PATCH] Make checked read of sticker sets order.

In case local data is corrupted previously it lead to OOM crash.
---
 Telegram/SourceFiles/storage/localstorage.cpp | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/Telegram/SourceFiles/storage/localstorage.cpp b/Telegram/SourceFiles/storage/localstorage.cpp
index 16dc9627e..d44fc2d25 100644
--- a/Telegram/SourceFiles/storage/localstorage.cpp
+++ b/Telegram/SourceFiles/storage/localstorage.cpp
@@ -3673,7 +3673,23 @@ void _readStickerSets(FileKey &stickersKey, Stickers::Order *outOrder = nullptr,
 
 	// Read orders of installed and featured stickers.
 	if (outOrder) {
-		stickers.stream >> *outOrder;
+		auto outOrderCount = quint32();
+		stickers.stream >> outOrderCount;
+		if (!_checkStreamStatus(stickers.stream)
+			|| outOrderCount < 0
+			|| outOrderCount > 1000) {
+			return failed();
+		}
+		outOrder->reserve(outOrderCount);
+		for (auto i = 0; i != outOrderCount; ++i) {
+			auto value = uint64();
+			stickers.stream >> value;
+			if (!_checkStreamStatus(stickers.stream)) {
+				outOrder->clear();
+				return failed();
+			}
+			outOrder->push_back(value);
+		}
 	}
 	if (!_checkStreamStatus(stickers.stream)) {
 		return failed();