ref: d20d7f7892d137c6c72544dfc2a7c76f1bccb7d8
parent: 2b1bd0cd39d6db436f527b911b50e1c5e7190255
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Wed Apr 27 08:59:06 EDT 2016
libjson: add slack space to literal string buffer to handle bad runes (thanks mischief) if the input string contains invalid utf-8, runetochar() produces unicode replacement characters that can overflow the literal buffer. as the overflow check is done after runetochar(), add UTFmax bytes of slack space avoiding the issue.
--- a/sys/src/libjson/json.c
+++ b/sys/src/libjson/json.c
@@ -323,7 +323,7 @@
memset(&l, 0, sizeof(l));
l.s = s;
l.slen = strlen(s);
- if((l.buf = mallocz(l.slen+1, 1)) == nil)
+ if((l.buf = mallocz(l.slen+UTFmax+1, 1)) == nil)
return nil;
j = jsonobj(&l);
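Review bot: The `UTFmax` slack added to the `mallocz` size is only sufficient if the bounds check that follows `runetochar()` in the lexer stops the copy after a single overshooting rune, and nothing at the allocation records that dependency. The lexer is outside this hunk, so this is inferred from the commit description. If any path can write more than one rune between checks, input with invalid UTF-8 could still run past the buffer. I would add a comment above the allocation, such as `/* UTFmax slack: the lexer checks l.buf bounds only after runetochar() */`, and consider moving the check ahead of the write so that the buffer size no longer carries the safety argument. The enclosing function starts and ends outside the hunk.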
@@ -336,6 +336,8 @@
{JSONEl *e, *f;
+ if(j == nil)
+ return;
switch(j->t){case JSONString:
if(j->s)
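Review bot: The new `if(j == nil) return;` guard has no comment and is not mentioned in the commit description, so it is unclear which caller can now pass nil. Presumably it covers cleanup of a partially built tree after a parse error, but that path is not visible here. A one-line comment such as `/* nil is accepted, like free() */` would make the contract explicit for callers. The function's signature and the rest of its body are outside the hunk.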
--
⑨