eval/decode: Avoid overflow when parsing incomplete null/true/false

Note: second test does not crash or produce asan errors, even though it should.
ZyX
2016-03-07 07:10:38 +03:00
parent 4a29995fe7
commit 4eb5d05f01
2 changed files with 68 additions and 3 deletions


@@ -334,7 +334,7 @@ json_decode_string_cycle_start:
continue;
}
case 'n': {
if (strncmp(p + 1, "ull", 3) != 0) {
if ((p + 3) >= e || strncmp(p + 1, "ull", 3) != 0) {
EMSG2(_("E474: Expected null: %s"), p);
goto json_decode_string_fail;
}
@@ -347,7 +347,7 @@ json_decode_string_cycle_start:
break;
}
case 't': {
if (strncmp(p + 1, "rue", 3) != 0) {
if ((p + 3) >= e || strncmp(p + 1, "rue", 3) != 0) {
EMSG2(_("E474: Expected true: %s"), p);
goto json_decode_string_fail;
}
@@ -360,7 +360,7 @@ json_decode_string_cycle_start:
break;
}
case 'f': {
if (strncmp(p + 1, "alse", 4) != 0) {
if ((p + 4) >= e || strncmp(p + 1, "alse", 4) != 0) {
EMSG2(_("E474: Expected false: %s"), p);
goto json_decode_string_fail;
}
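Review bot: The three error paths (`EMSG2(_("E474: Expected null: %s"), p)` and its `true`/`false` counterparts) still format `p` with an unbounded `%s`, so if the input is not NUL-terminated at `e`, which the new bounds checks suggest is possible, building the message can read past the buffer just as the old `strncmp` did. Consider bounding the printed text, for example a `%.*s` conversion with `(int)(e - p)` as the precision, provided the message helper accepts the extra argument. Separately, `(p + 3) >= e` and `(p + 4) >= e` form a pointer more than one past the end of the buffer when only a byte or two remain, which is undefined behaviour in C; comparing lengths avoids that: `if (e - p < 4 || strncmp(p + 1, "ull", 3) != 0) {`, with `e - p < 5` for `false`. The enclosing function begins and ends outside these hunks, so the assumption that `e` is the one-past-the-end pointer of the input should be confirmed.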