cJSON

mirror of Dave's cJSON

commit a167d9e381e5c84bc03de4e261757b031c0c690d
parent b537ca70a35680db66f1f5b8b437f7114daa699a
Author: Max Bruckner <max@maxbruckner.de>
Date:   Wed, 10 May 2017 02:09:01 +0200

Fix reading buffer overflow in parse_string

Diffstat:
McJSON.c | 4++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cJSON.c b/cJSON.c
@@ -657,7 +657,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
 /* calculate approximate size of the output (overestimate) */
 size_t allocation_length = 0;
 size_t skipped_bytes = 0;
- while ((*input_end != '\"') && ((size_t)(input_end - input_buffer->content) < input_buffer->length))
+ while (((size_t)(input_end - input_buffer->content) < input_buffer->length) && (*input_end != '\"'))
 {
 /* is escape sequence */
 if (input_end[0] == '\\')
@@ -672,7 +672,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
 }
 input_end++;
 }
- if (*input_end != '\"')
+ if (((size_t)(input_end - input_buffer->content) >= input_buffer->length) || (*input_end != '\"'))
 {
 goto fail; /* string ended unexpectedly */
 }
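Review bot: The operand order in the new `while` condition is the only thing that keeps `*input_end` from being read at or beyond `input_buffer->length`, yet nothing in the code records that, so a later tidy-up could swap the operands back. I would add a comment above the loop such as `/* bounds check must stay first: && short-circuits before *input_end is dereferenced */`, and an equivalent one for the `||` in the post-loop `if` of the second hunk. parse_string starts before this hunk and continues after it, and the escape branch between the two hunks is not visible here, so whether it needs its own bounds check cannot be judged from this page.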
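Review bot: Nothing in this commit pins the fix, because the diffstat lists only cJSON.c and the unterminated-string path in the post-loop `if` therefore has no regression test. A unit test could hand parse_string a `parse_buffer` whose `length` ends inside a string with no closing quote. Run under a memory sanitizer, it should show the function returning false without reading beyond `content + length`. The function body extends beyond this hunk on both sides, so the `fail` label and its cleanup are not visible here.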