author | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-04-27 12:59:06 +0200 |
---|---|---|
committer | cinap_lenrek <cinap_lenrek@felloff.net> | 2016-04-27 12:59:06 +0200 |
commit | d8d47f14b5ed8f6d3f892761ed86c6ce2075c337 (patch) | |
tree | 2ad900b9f04e93c877d14b15fd9053c447853b36 | |
parent | 651d6c2bc68e7e5224c3ba41b094e37b1c1890ed (diff) |
libjson: add slack space to literal string buffer to handle bad runes (thanks mischief)
if the input string contains invalid utf-8, runetochar() produces
unicode replacement characters that can overflow the literal buffer.
as the overflow check is done after runetochar(), add UTFmax bytes
of slack space avoiding the issue.
-rw-r--r-- | sys/src/libjson/json.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/src/libjson/json.c b/sys/src/libjson/json.c
index c62cfa248..74fd5eeb0 100644
--- a/sys/src/libjson/json.c
+++ b/sys/src/libjson/json.c
@@ -323,7 +323,7 @@ jsonparse(char *s)
 memset(&l, 0, sizeof(l));
 l.s = s;
 l.slen = strlen(s);
- if((l.buf = mallocz(l.slen+1, 1)) == nil)
+ if((l.buf = mallocz(l.slen+UTFmax+1, 1)) == nil)
 return nil;
 j = jsonobj(&l);
@@ -336,6 +336,8 @@ jsonfree(JSON *j)
 {
 JSONEl *e, *f;
+ if(j == nil)
+ return;
 switch(j->t){
 case JSONString:
 if(j->s) |
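Review bot: The `UTFmax` slack in the `mallocz` call in `jsonparse` is only sufficient while the lexer's bounds check runs after every single `runetochar()` call, and nothing at the allocation records that dependency. A comment on this line would keep a later edit from trimming the size, for example `/* +UTFmax: the literal lexer checks bounds only after runetochar() has written */`. This parser takes arbitrary text and the failure described in the commit message is a write past `l.buf`, so checking the remaining space before `runetochar()` in the lexer (not visible in this hunk) would be the more robust form. An input made of invalid UTF-8 bytes is worth keeping as a regression case. `jsonparse` starts and ends outside the hunk.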
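Review bot: The nil guard added at the top of `jsonfree` is not mentioned in the commit message and carries no comment, so callers cannot tell that `jsonfree(nil)` is now a supported no-op. `jsonparse` returns nil when the buffer allocation fails, and presumably on parse errors too, so error paths are likely to rely on this. A one-line comment above the check such as `/* jsonfree(nil) is a no-op, like free() */` would record the contract. The body of `jsonfree` continues past the end of the hunk.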