eval/decode: Do not overflow when parsing -

Also makes if’s less nested.
2025-09-18 17:28:23 +00:00 · 2016-03-10 01:06:43 +03:00
parent 2b0d46195b
commit d06c2a1b18
2 changed files with 36 additions and 24 deletions
--- a/src/nvim/eval/decode.c
+++ b/src/nvim/eval/decode.c
@@ -503,6 +503,9 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len,
    p++;
  }
  ints = p;
+  if (p >= e) {
+    goto parse_json_number_check;
+  }
  while (p < e && ascii_isdigit(*p)) {
    p++;
  }
@@ -510,26 +513,31 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len,
    emsgf(_("E474: Leading zeroes are not allowed: %.*s"), LENP(s, e));
    goto parse_json_number_fail;
  }
-  if (p < e && p != ints && (*p == '.' || *p == 'e' || *p == 'E')) {
-    if (*p == '.') {
+  if (p >= e || p == ints) {
+    goto parse_json_number_check;
+  }
+  if (*p == '.') {
+    p++;
+    fracs = p;
+    while (p < e && ascii_isdigit(*p)) {
      p++;
-      fracs = p;
-      while (p < e && ascii_isdigit(*p)) {
-        p++;
-      }
    }
-    if (p < e && (*p == 'e' || *p == 'E')) {
-      p++;
-      exps_s = p;
-      if (p < e && (*p == '-' || *p == '+')) {
-        p++;
-      }
-      exps = p;
-      while (p < e && ascii_isdigit(*p)) {
-        p++;
-      }
+    if (p >= e || p == fracs) {
+      goto parse_json_number_check;
    }
  }
+  if (*p == 'e' || *p == 'E') {
+    p++;
+    exps_s = p;
+    if (p < e && (*p == '-' || *p == '+')) {
+      p++;
+    }
+    exps = p;
+    while (p < e && ascii_isdigit(*p)) {
+      p++;
+    }
+  }
+parse_json_number_check:
  if (p == ints) {
    emsgf(_("E474: Missing number after minus sign: %.*s"), LENP(s, e));
    goto parse_json_number_fail;