libjson: add slack space to literal string buffer to handle bad runes (thanks mischief)

if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
cinap_lenrek 2016-04-27 12:59:06 +02:00
parent 651d6c2bc6
commit d8d47f14b5


@ -323,7 +323,7 @@ jsonparse(char *s)
memset(&l, 0, sizeof(l));
l.s = s;
l.slen = strlen(s);
if((l.buf = mallocz(l.slen+1, 1)) == nil)
if((l.buf = mallocz(l.slen+UTFmax+1, 1)) == nil)
return nil;
j = jsonobj(&l);
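Review bot: the `UTFmax` slack in the `mallocz(l.slen+UTFmax+1, 1)` call is only safe as long as the lexer's bounds check runs after every single `runetochar()` write and stops at the first one that crosses `l.slen`, and nothing at the allocation site says so. Please add a comment on that line stating the dependency (one rune of overrun is tolerated because the check follows the write), or better, move the check in front of `runetochar()` so the buffer size no longer has to compensate for the ordering. As the commit message notes, invalid input bytes become replacement characters that take more bytes than the input they came from, so the output can still grow past `l.slen` on hostile input; the slack keeps that one write in bounds, and it is the check that has to end the parse.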
@ -336,6 +336,8 @@ jsonfree(JSON *j)
{
JSONEl *e, *f;
if(j == nil)
return;
switch(j->t){
case JSONString:
if(j->s)
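Review bot: the `if(j == nil) return;` guard at the top of `jsonfree()` is a separate behaviour change that the commit message does not mention. It is reasonable on its own, since `jsonparse()` returns nil on allocation failure in the hunk above and callers may free the result unconditionally, but it should either be named in the message or go in its own commit so the buffer fix can be reviewed and backported by itself. It would also help to document in the function's comment or man page that passing nil is allowed.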