From 134b062be7cf2b62d0e69772836e6312fd9e60d5 Mon Sep 17 00:00:00 2001
From: Stephen Dolan
Date: Tue, 18 Sep 2012 23:45:30 +0100
Subject: Fix a parsing bug for \uXXXX escapes (some invalid escapes were accepted).

Found by gcc -O -Wall identifying a use of uninitialised variables.
---
 jv_parse.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/jv_parse.c b/jv_parse.c
index e4565ef7..63cdf935 100644
--- a/jv_parse.c
+++ b/jv_parse.c
@@ -155,6 +155,7 @@ static int unhex4(char* hex) {
 if ('0' <= c && c <= '9') n = c - '0';
 else if ('a' <= c && c <= 'f') n = c - 'a' + 10;
 else if ('A' <= c && c <= 'F') n = c - 'A' + 10;
+ else return -1;
 r <<= 4;
 r |= n;
 }
@@ -186,7 +187,10 @@ static pfunc found_string(struct jv_parser* p) {
 /* ahh, the complicated case */
 if (in + 4 > end)
 return "Invalid \\uXXXX escape";
- unsigned long codepoint = unhex4(in);
+ int hexvalue = unhex4(in);
+ if (hexvalue < 0)
+ return "Invalid characters in \\uXXXX escape";
+ unsigned long codepoint = (unsigned long)hexvalue;
 in += 4;
 if (0xD800 <= codepoint && codepoint <= 0xDBFF) {
 /* who thought UTF-16 surrogate pairs were a good idea? */
-- 
cgit v1.2.3
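Review bot: The added `else return -1;` turns unhex4's return value into an in-band error sentinel, but nothing at the function documents it, so a future caller that assigns the result straight into an unsigned type (as the old found_string did) would silently accept -1 as a huge value. I would add a header comment on the definition: `/* Reads exactly four hex digits at hex[0..3]; returns their value (0..0xFFFF), or -1 if any of the four bytes is not a hex digit. The caller must check for -1 before using the result. */`. unhex4's signature line and the declarations of r and n lie outside the hunk, so the accumulation into r is reviewed on faith here.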
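Review bot: The new `hexvalue < 0` test only covers the first \uXXXX; the surrogate-pair branch that starts on the last context line (its body continues outside the hunk) presumably reads a second \uXXXX with another unhex4 call, and if so that call needs the same `if (hexvalue < 0) return "Invalid characters in \\uXXXX escape";` guard, otherwise a -1 there would be widened to ULONG_MAX and folded into the code point. Separately, the unchanged `if (in + 4 > end)` bounds test forms a pointer that can lie more than one element past the buffer when fewer than four bytes remain, which is undefined behaviour in C; `if (end - in < 4)` makes the same check without leaving the object. found_string begins and ends outside this hunk.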