libjson: add slack space to literal string buffer to handle bad runes (thanks mischief)

if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
front
cinap_lenrek 2016-04-27 12:59:06 +02:00
parent 651d6c2bc6
commit d8d47f14b5
1 changed files with 3 additions and 1 deletions

@ -323,7 +323,7 @@ jsonparse(char *s)
memset(&l, 0, sizeof(l));
l.s = s;
l.slen = strlen(s);
if((l.buf = mallocz(l.slen+1, 1)) == nil)
if((l.buf = mallocz(l.slen+UTFmax+1, 1)) == nil)
return nil;
j = jsonobj(&l);
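Review bot: the allocation `mallocz(l.slen+UTFmax+1, 1)` has no comment explaining the extra UTFmax bytes. Per the commit message, the overflow check still runs after runetochar() has already written, so the slack is only sufficient if that check stops the lexer after at most one rune past the old limit. Suggest a short comment at this line stating that invariant, and consider moving the check ahead of the runetochar() call so the buffer size does not have to encode it. It is also worth confirming that `l.slen+UTFmax+1` cannot wrap for a very long input, since the type of slen is not visible in this hunk.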
@ -336,6 +336,8 @@ jsonfree(JSON *j)
{
JSONEl *e, *f;
if(j == nil)
return;
switch(j->t){
case JSONString:
if(j->s)
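Review bot: the `if(j == nil) return;` guard at the top of jsonfree() is not mentioned in the commit message, which describes only the literal buffer slack. Suggest noting it in the message or splitting it into its own commit. The function's documentation should also state that jsonfree(nil) is a no-op, so callers know they can rely on it, for example on the path where jsonparse() returns nil.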