FGCOM/jansson
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Avoid integer overflows with very long strings

Browse Source
This commit is contained in:
Petri Lehtinen 2013-10-15 08:44:04 +03:00
parent 8dc3233f3b
commit d544852ff6
2 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/hashtable.c
View File

@ -249,6 +249,13 @@ int hashtable_set(hashtable_t *hashtable,
/* offsetof(...) returns the size of pair_t without the last, /* offsetof(...) returns the size of pair_t without the last,
flexible member. This way, the correct amount is flexible member. This way, the correct amount is
allocated. */ allocated. */
size_t len = strlen(key);
if(len > (size_t)-1 - offsetof(pair_t, key)) {
/* Avoid an overflow if the key is very long */
return -1;
}
pair = jsonp_malloc(offsetof(pair_t, key) + strlen(key) + 1); pair = jsonp_malloc(offsetof(pair_t, key) + strlen(key) + 1);
if(!pair) if(!pair)
return -1; return -1;

2
src/utf.c
View File

@ -173,7 +173,7 @@ int utf8_check_string(const char *string, size_t length)
return 0; return 0;
else if(count > 1) else if(count > 1)
{ {
if(i + count > length) if(count > length - i)
return 0; return 0;
if(!utf8_check_full(&string[i], count, NULL)) if(!utf8_check_full(&string[i], count, NULL))