Diffstat (limited to 'lib9p/9p.generated.c')
-rw-r--r-- | lib9p/9p.generated.c | 21 |
1 files changed, 16 insertions, 5 deletions
diff --git a/lib9p/9p.generated.c b/lib9p/9p.generated.c index 0259e23..4ec5ae5 100644 --- a/lib9p/9p.generated.c +++ b/lib9p/9p.generated.c @@ -383,6 +383,7 @@ static ALWAYS_INLINE bool validate_qid(struct _validate_ctx *ctx) { } static ALWAYS_INLINE bool validate_stat(struct _validate_ctx *ctx) { + uint32_t size_offset = ctx->net_offset; return validate_2(ctx) || validate_2(ctx) || validate_4(ctx) @@ -398,7 +399,10 @@ static ALWAYS_INLINE bool validate_stat(struct _validate_ctx *ctx) { || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && validate_s(ctx) ) || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && validate_4(ctx) ) || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && validate_4(ctx) ) - || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && validate_4(ctx) ); + || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && validate_4(ctx) ) + || ((uint32_t)decode_u16le(&ctx->net_bytes[size_offset]) != ctx->net_offset - size_offset) + ? lib9p_error(ctx->ctx, LINUX_EBADMSG, "stat size does not match stat contents")" + : false); } static ALWAYS_INLINE bool validate_o(struct _validate_ctx *ctx) { @@ -638,7 +642,7 @@ static ALWAYS_INLINE void unmarshal_qid(struct _unmarshal_ctx *ctx, struct lib9p static ALWAYS_INLINE void unmarshal_stat(struct _unmarshal_ctx *ctx, struct lib9p_stat *out) { memset(out, 0, sizeof(*out)); - unmarshal_2(ctx, &out->stat_size); + size->net_offset += 2; unmarshal_2(ctx, &out->kern_type); unmarshal_4(ctx, &out->kern_dev); unmarshal_qid(ctx, &out->file_qid); 
@@ -938,8 +942,11 @@ static ALWAYS_INLINE bool marshal_qid(struct _marshal_ctx *ctx, struct lib9p_qid } static ALWAYS_INLINE bool marshal_stat(struct _marshal_ctx *ctx, struct lib9p_stat *val) { - return marshal_2(ctx, &val->stat_size) - || marshal_2(ctx, &val->kern_type) + uint32_t size_offset = ctx->net_offset; + return ((ctx->net_offset + 2 > ctx->ctx->max_msg_size) + ? _marshal_too_large(ctx) + : ({ ctx->net_offset += 2; false; })) + return marshal_2(ctx, &val->kern_type) || marshal_4(ctx, &val->kern_dev) || marshal_qid(ctx, &val->file_qid) || marshal_dm(ctx, &val->file_mode) @@ -953,7 +960,11 @@ static ALWAYS_INLINE bool marshal_stat(struct _marshal_ctx *ctx, struct lib9p_st || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && marshal_s(ctx, &val->file_extension) ) || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && marshal_4(ctx, &val->file_owner_n_uid) ) || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && marshal_4(ctx, &val->file_owner_n_gid) ) - || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && marshal_4(ctx, &val->file_last_modified_n_uid) ); + || ( (ctx->ctx->version==LIB9P_VER_9P2000_u) && marshal_4(ctx, &val->file_last_modified_n_uid) ) + || ((ctx->net_offset - size_offset > UINT16_MAX) + ? lib9p_error(ctx->ctx, LINUX_ERANGE, "stat object too large") + : ({ encode_u16le((uint16_t)(ctx->net_offset - size_offset), &ctx->net_bytes[size_offset]); + false; })); } static ALWAYS_INLINE bool marshal_o(struct _marshal_ctx *ctx, lib9p_o_t *val) { |