diff options
| author | Bram Moolenaar <Bram@vim.org> | 2019-05-19 19:59:35 +0200 |
|---|---|---|
| committer | Bram Moolenaar <Bram@vim.org> | 2019-05-19 19:59:35 +0200 |
| commit | 16e9b85113e0b354ece1cb4f5fcc7866850f3685 (patch) | |
| tree | 2abe4e3cffe8b0281f0690e5570a47eb2198a826 /src/json.c | |
| parent | f5842c5a533346c4ff41ff666e465c85f1de35d5 (diff) | |
patch 8.1.1355: obvious mistakes are accepted as valid expressionsv8.1.1355
Problem: Obvious mistakes are accepted as valid expressions.
Solution: Be more strict about parsing numbers. (Yasuhiro Matsumoto,
closes #3981)
Diffstat (limited to 'src/json.c')
| -rw-r--r-- | src/json.c | 22 |
1 files changed, 19 insertions, 3 deletions
diff --git a/src/json.c b/src/json.c index 9fb6af0def..8674bf2659 100644 --- a/src/json.c +++ b/src/json.c @@ -452,7 +452,12 @@ json_decode_string(js_read_T *reader, typval_T *res, int quote) nr = 0; len = 0; vim_str2nr(p + 2, NULL, &len, - STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4); + STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4, TRUE); + if (len == 0) + { + ga_clear(&ga); + return FAIL; + } p += len + 2; if (0xd800 <= nr && nr <= 0xdfff && (int)(reader->js_end - p) >= 6 @@ -463,7 +468,12 @@ json_decode_string(js_read_T *reader, typval_T *res, int quote) /* decode surrogate pair: \ud812\u3456 */ len = 0; vim_str2nr(p + 2, NULL, &len, - STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4); + STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4, TRUE); + if (len == 0) + { + ga_clear(&ga); + return FAIL; + } if (0xdc00 <= nr2 && nr2 <= 0xdfff) { p += len + 2; @@ -783,7 +793,13 @@ json_decode_item(js_read_T *reader, typval_T *res, int options) vim_str2nr(reader->js_buf + reader->js_used, NULL, &len, 0, /* what */ - &nr, NULL, 0); + &nr, NULL, 0, TRUE); + if (len == 0) + { + emsg(_(e_invarg)); + retval = FAIL; + goto theend; + } if (cur_item != NULL) { cur_item->v_type = VAR_NUMBER; |