mirror/json11
2
0
Fork 0
mirror of https://github.com/dropbox/json11.git synced 2025-03-07 19:56:40 +08:00
Code Issues Packages Projects Releases Wiki Activity

For extra safety, add an explicit bounds check in utf8 parsing.

Browse Source
This commit is contained in:
Andrew Krieger 2015-04-22 14:00:47 -07:00
parent cfdd67577c
commit e15ff418dd
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
json11.cpp
View File

@ -435,6 +435,12 @@ struct JsonParser {
if (ch == 'u') {
// Extract 4-byte escape sequence
string esc = str.substr(i, 4);
// Explicitly check length of the substring. The following loop
// relies on std::string returning the terminating NUL when
// accessing str[length]. Checking here reduces brittleness.
if (esc.length() < 4) {
return fail("bad \\u escape: " + esc, "");
}
for (int j = 0; j < 4; j++) {
if (!in_range(esc[j], 'a', 'f') && !in_range(esc[j], 'A', 'F')
&& !in_range(esc[j], '0', '9'))