Permalink
Browse files

Fix buffer overrun in truncated unicode escape sequences

  • Loading branch information...
udp committed Feb 22, 2018
1 parent b1b09b5 commit b42439a2927a879f40698e4861e727c4265c13e6
Showing with 2 additions and 2 deletions.
  1. +2 −2 json.c
View
4 json.c
@@ -297,7 +297,7 @@ json_value * json_parse_ex (json_settings * settings,
case 't': string_add ('\t'); break;
case 'u':
- if (end - state.ptr < 4 ||
+ if (end - state.ptr <= 4 ||
(uc_b1 = hex_value (*++ state.ptr)) == 0xFF ||
(uc_b2 = hex_value (*++ state.ptr)) == 0xFF ||
(uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||
@@ -314,7 +314,7 @@ json_value * json_parse_ex (json_settings * settings,
if ((uchar & 0xF800) == 0xD800) {
json_uchar uchar2;
- if (end - state.ptr < 6 || (*++ state.ptr) != '\\' || (*++ state.ptr) != 'u' ||
+ if (end - state.ptr <= 6 || (*++ state.ptr) != '\\' || (*++ state.ptr) != 'u' ||
(uc_b1 = hex_value (*++ state.ptr)) == 0xFF ||
(uc_b2 = hex_value (*++ state.ptr)) == 0xFF ||
(uc_b3 = hex_value (*++ state.ptr)) == 0xFF ||

0 comments on commit b42439a

Please sign in to comment.