mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-09-18 17:28:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

eval/decode: Do not overflow when parsing -

Browse Source 
Also makes if’s less nested.
This commit is contained in:
ZyX
2016-03-10 01:06:43 +03:00
parent 2b0d46195b
commit d06c2a1b18
2 changed files with 36 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
src/nvim/eval/decode.c
View File

@@ -503,6 +503,9 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len,
p++;
}
ints = p;
if (p >= e) {
goto parse_json_number_check;
}
while (p < e && ascii_isdigit(*p)) {
p++;
}
@@ -510,15 +513,20 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len,
emsgf(_("E474: Leading zeroes are not allowed: %.*s"), LENP(s, e));
goto parse_json_number_fail;
}
if (p < e && p != ints && (*p == '.' || *p == 'e' || *p == 'E')) {
if (p >= e || p == ints) {
goto parse_json_number_check;
}
if (*p == '.') {
p++;
fracs = p;
while (p < e && ascii_isdigit(*p)) {
p++;
}
if (p >= e || p == fracs) {
goto parse_json_number_check;
}
if (p < e && (*p == 'e' || *p == 'E')) {
}
if (*p == 'e' || *p == 'E') {
p++;
exps_s = p;
if (p < e && (*p == '-' || *p == '+')) {
@@ -529,7 +537,7 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len,
p++;
}
}
}
parse_json_number_check:
if (p == ints) {
emsgf(_("E474: Missing number after minus sign: %.*s"), LENP(s, e));
goto parse_json_number_fail;

8
test/unit/eval/decode_spec.lua
View File

@@ -76,7 +76,6 @@ describe('json_decode_string()', function()
eq(decode.VAR_UNKNOWN, rettv.v_type)
end)
it('does not overflow in error messages', function()
local check_failure = function(s, len, msg)
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
eq(0, decode.json_decode_string(s, len, rettv))
@@ -84,7 +83,8 @@ describe('json_decode_string()', function()
neq(nil, decode.last_msg_hist)
eq(msg, ffi.string(decode.last_msg_hist.msg))
end
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
it('does not overflow in error messages', function()
check_failure(']test', 1, 'E474: No container to close: ]')
check_failure('[}test', 2, 'E474: Closing list with curly bracket: }')
check_failure('{]test', 2,
@@ -129,6 +129,10 @@ describe('json_decode_string()', function()
check_failure('[1test', 2, 'E474: Unexpected end of input: [1')
end)
it('does not overflow with `-`', function()
check_failure('-0', 1, 'E474: Missing number after minus sign: -')
end)
it('does not overflow and crash when running with `"`', function()
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
decode.emsg_silent = 1