Skip to content
Permalink
Browse files Browse the repository at this point in the history
fix buffer overflow (#30)
  • Loading branch information
FSMaxB committed Oct 2, 2016
1 parent 3a7bd69 commit 94df772
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions cJSON.c
Expand Up @@ -194,9 +194,20 @@ static const char *parse_string(cJSON *item,const char *str,const char **ep)
{
const char *ptr=str+1,*end_ptr=str+1;char *ptr2;char *out;int len=0;unsigned uc,uc2;
if (*str!='\"') {*ep=str;return 0;} /* not a string! */

while (*end_ptr!='\"' && *end_ptr && ++len) if (*end_ptr++ == '\\') end_ptr++; /* Skip escaped quotes. */


while (*end_ptr!='\"' && *end_ptr && ++len)
{
if (*end_ptr++ == '\\')
{
if (*end_ptr == '\0')
{
/* prevent buffer overflow when last input character is a backslash */
return 0;
}
end_ptr++; /* Skip escaped quotes. */
}
}

out=(char*)cJSON_malloc(len+1); /* This is how long we need for the string, roughly. */
if (!out) return 0;
item->valuestring=out; /* assign here so out will be deleted during cJSON_Delete() later */
Expand Down

0 comments on commit 94df772

Please sign in to comment.