added overflow check when parsing integers
This commit is contained in:
@@ -2,6 +2,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
|
#include <stdint.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <ctype.h>
|
#include <ctype.h>
|
||||||
#include "xjson.h"
|
#include "xjson.h"
|
||||||
@@ -324,7 +325,15 @@ static xj_value *parseNumber(context_t *ctx)
|
|||||||
|
|
||||||
while(ctx->i < ctx->len && isdigit(ctx->str[ctx->i]))
|
while(ctx->i < ctx->len && isdigit(ctx->str[ctx->i]))
|
||||||
{
|
{
|
||||||
|
if(parsed > (INT64_MAX - ctx->str[ctx->i] + '0') / 10)
|
||||||
|
{
|
||||||
|
/* Overflow */
|
||||||
|
xj_report(ctx->error, "Integer would overflow");
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
parsed = parsed * 10 + ctx->str[ctx->i] - '0';
|
parsed = parsed * 10 + ctx->str[ctx->i] - '0';
|
||||||
|
|
||||||
ctx->i += 1;
|
ctx->i += 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user