mirror/cJSON
1
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2023-08-10 21:13:26 +03:00
Code Issues Projects Releases Wiki Activity

Fix reading buffer overflow in parse_string

Browse Source
This commit is contained in:
Max Bruckner 2017-05-10 02:09:01 +02:00
parent b537ca70a3
commit a167d9e381
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
cJSON.c
View File

@ -657,7 +657,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
/* calculate approximate size of the output (overestimate) */
size_t allocation_length = 0;
size_t skipped_bytes = 0;
while ((*input_end != '\"') && ((size_t)(input_end - input_buffer->content) < input_buffer->length))
while (((size_t)(input_end - input_buffer->content) < input_buffer->length) && (*input_end != '\"'))
{
/* is escape sequence */
if (input_end[0] == '\\')
@ -672,7 +672,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
}
input_end++;
}
if (*input_end != '\"')
if (((size_t)(input_end - input_buffer->content) >= input_buffer->length) || (*input_end != '\"'))
{
goto fail; /* string ended unexpectedly */
}