mirror/cJSON
1
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2023-08-10 21:13:26 +03:00
Code Issues Projects Releases Wiki Activity

decode_array_index_from_pointer: parse manually

Browse Source 
This allows checking for leading zeroes and invalid characters after the index
This commit is contained in:
Max Bruckner 2017-04-12 12:06:27 +02:00
parent c66342d871
commit d67b008d4b
1 changed files with 29 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
cJSON_Utils.c
View File

@ -207,6 +207,33 @@ static cJSON *get_array_item(const cJSON *array, size_t item)
return child; return child;
} }
static cJSON_bool decode_array_index_from_pointer(const unsigned char * const pointer, size_t * const index)
{
size_t parsed_index = 0;
size_t position = 0;
if ((pointer[0] == '0') && ((pointer[1] != '\0') && (pointer[1] != '/')))
{
/* leading zeroes are not permitted */
return 0;
}
for (position = 0; (pointer[position] >= '0') && (*pointer <= '9'); position++)
{
parsed_index = (10 * parsed_index) + (size_t)(pointer[position] - '0');
}
if ((pointer[position] != '\0') && (pointer[position] != '/'))
{
return 0;
}
*index = parsed_index;
return 1;
}
CJSON_PUBLIC(cJSON *) cJSONUtils_GetPointer(cJSON *object, const char *pointer) CJSON_PUBLIC(cJSON *) cJSONUtils_GetPointer(cJSON *object, const char *pointer)
{ {
/* follow path of the pointer */ /* follow path of the pointer */
@ -215,16 +242,11 @@ CJSON_PUBLIC(cJSON *) cJSONUtils_GetPointer(cJSON *object, const char *pointer)
if (cJSON_IsArray(object)) if (cJSON_IsArray(object))
{ {
size_t index = 0; size_t index = 0;
/* parse array index */ if (!decode_array_index_from_pointer((const unsigned char*)pointer, &index))
while ((*pointer >= '0') && (*pointer <= '9'))
{ {
index = (10 * index) + (size_t)(*pointer++ - '0');
}
if (*pointer && (*pointer != '/'))
{
/* not end of string or new path token */
return NULL; return NULL;
} }
object = get_array_item(object, index); object = get_array_item(object, index);
} }
else if (cJSON_IsObject(object)) else if (cJSON_IsObject(object))
@ -271,22 +293,6 @@ static void cJSONUtils_InplaceDecodePointerString(unsigned char *string)
*s2 = '\0'; *s2 = '\0';
} }
static cJSON_bool decode_array_index_from_pointer(const unsigned char * const pointer, size_t * const index)
{
char *end_pointer = NULL;
long int parsed_index = strtol((const char*)pointer, &end_pointer, 10);
if (((unsigned char*)end_pointer == pointer) || (parsed_index < 0) || (*end_pointer != '\0'))
{
/* array index is invalid */
return 0;
}
*index = (size_t)parsed_index;
return 1;
}
/* non-broken cJSON_DetachItemFromArray */ /* non-broken cJSON_DetachItemFromArray */
static cJSON *detach_item_from_array(cJSON *array, size_t which) static cJSON *detach_item_from_array(cJSON *array, size_t which)
{ {