
2017-06-29

2017-06-29 16:32:07 by Arne Goedeke <el@laramies.com>

Stdio.Buffer: fixed integer overflow in read_json()

If the decoded JSON is larger than INT_MAX, it could not be correctly
decoded from a buffer.

132:    static void io_trim( Buffer *io )    ATTRIBUTE((noinline));    -  static INT_TYPE io_consume( Buffer *io, int num ) +  static INT_TYPE io_consume( Buffer *io, ptrdiff_t num )    {    io->offset += num;    if( UNLIKELY(io->allocated > (io_len(io) * io->max_waste)) )
1953:    */    PIKEFUN mixed read_json(int|void require_whitespace)    { -  int stop, whites = 0; +  INT_TYPES whites = 0; +  ptrdiff_t stop;    static ptrdiff_t(*parse_json_pcharp)(PCHARP,size_t,int,char**);    char *err = NULL;    if( require_whitespace )
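Review bot: In the io_consume() hunk, `num` is now a signed ptrdiff_t and is added to `io->offset` with no visible check that it is non-negative or no larger than io_len(io). Widening the parameter removes the truncation at INT_MAX, but a negative or oversized value would still move the offset outside the buffered data. Consider a debug assertion on `num` at the top of the function, or document that callers must guarantee 0 <= num <= io_len(io). The return type stays INT_TYPE, so it is also worth confirming that the returned value cannot be narrowed again on the way out.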
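Review bot: In the read_json() hunk, the new declaration `INT_TYPES whites = 0;` uses a type name that differs from the `INT_TYPE` used by io_consume() in the first hunk, which looks like a typo. Unless `INT_TYPES` is defined elsewhere, this should read `INT_TYPE whites = 0;`. Declaring `stop` as ptrdiff_t matches the return type of `parse_json_pcharp`, which is the right fix for the overflow. The third parameter of that function pointer is still `int`, though, so if a widened value is passed in that position it will be narrowed again.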