mirror/cJSON
1
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2023-08-10 21:13:26 +03:00
Code Issues Projects Releases Wiki Activity

fix buffer overflow (#30)

Browse Source
This commit is contained in:
Max Bruckner 2016-10-02 18:56:53 +07:00
parent 3a7bd6924a
commit 94df772485
1 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
cJSON.c
View File

@ -194,9 +194,20 @@ static const char *parse_string(cJSON *item,const char *str,const char **ep)
{
const char *ptr=str+1,*end_ptr=str+1;char *ptr2;char *out;int len=0;unsigned uc,uc2;
if (*str!='\"') {*ep=str;return 0;} /* not a string! */
while (*end_ptr!='\"' && *end_ptr && ++len) if (*end_ptr++ == '\\') end_ptr++; /* Skip escaped quotes. */
while (*end_ptr!='\"' && *end_ptr && ++len)
{
if (*end_ptr++ == '\\')
{
if (*end_ptr == '\0')
{
/* prevent buffer overflow when last input character is a backslash */
return 0;
}
end_ptr++; /* Skip escaped quotes. */
}
}
out=(char*)cJSON_malloc(len+1); /* This is how long we need for the string, roughly. */
if (!out) return 0;
item->valuestring=out; /* assign here so out will be deleted during cJSON_Delete() later */