From fabd4d2e2e3ce734730c56660a958f9cf9dc7d38 Mon Sep 17 00:00:00 2001
From: MarcoFalke <*~=`'#}+{/-|&$^_@721217.xyz>
Date: Mon, 2 Feb 2026 18:38:58 +0100
Subject: [PATCH] refactor: Avoid UB in SpanReader::ignore
Currently std::span::subspan is called without checking the size first. This is UB, unless the std lib is hardened. With a hardened stdlib, the program aborts: > include/c++/v1/span:512: libc++ Hardening assertion __offset <= size() > failed: span::subspan(offset, count): offset out of range Fix the UB and the abort by using the implementation from DataStream, which throws when hitting end-of-data. This commit should not change any behavior, because the UB is currently unreachable. Also, the newly added throw should properly be caught by any code that calls any streams function.
---
 src/streams.h | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/streams.h b/src/streams.h
index e5a18c56b74..be6b7452a86 100644
--- a/src/streams.h
+++ b/src/streams.h
@@ -117,6 +117,9 @@ public:
 void ignore(size_t n)
 {
+ if (n > m_data.size()) {
+ throw std::ios_base::failure("SpanReader::ignore(): end of data");
+ }
 m_data = m_data.subspan(n);
 }
 };
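Review bot: The end-of-data contract that `ignore()` now enforces is not documented at the declaration, so a caller reading `src/streams.h` cannot tell that skipping past the remaining bytes throws rather than truncates. A one-line comment above the method would record it, for example `//! Skip n bytes; throws std::ios_base::failure if fewer than n bytes remain.` The guard itself looks right: `n == m_data.size()` still reaches `subspan(n)` and yields an empty span, and only `n > size()` is rejected. The commit message states the out-of-range path is unreachable today, so a unit test that calls `ignore()` with a length larger than the remaining data and expects the exception would pin the behaviour if a future caller passes a length taken from serialized input. The enclosing class starts outside the hunk, so whether `<ios>` is already included for `std::ios_base::failure` cannot be confirmed from here.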