diff options
| author | ZyX <kp-pav@yandex.ru> | 2016-03-10 01:06:43 +0300 |
|---|---|---|
| committer | ZyX <kp-pav@yandex.ru> | 2016-04-18 02:48:20 +0300 |
| commit | d06c2a1b1846a96a45625ad5472a235b2d249933 (patch) | |
| tree | 963e2c8fc0186f15127be9f55310a2120f1226ff /src/nvim/eval/decode.c | |
| parent | 2b0d46195be0792791171aa23d04ee7ba31c54c9 (diff) | |
| download | rneovim-d06c2a1b1846a96a45625ad5472a235b2d249933.tar.gz rneovim-d06c2a1b1846a96a45625ad5472a235b2d249933.tar.bz2 rneovim-d06c2a1b1846a96a45625ad5472a235b2d249933.zip | |
eval/decode: Do not overflow when parsing `-`
Also makes if’s less nested.
Diffstat (limited to 'src/nvim/eval/decode.c')
| -rw-r--r-- | src/nvim/eval/decode.c | 38 |
1 files changed, 23 insertions, 15 deletions
diff --git a/src/nvim/eval/decode.c b/src/nvim/eval/decode.c index 1303e288c3..2e9bf8fbac 100644 --- a/src/nvim/eval/decode.c +++ b/src/nvim/eval/decode.c @@ -503,6 +503,9 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len, p++; } ints = p; + if (p >= e) { + goto parse_json_number_check; + } while (p < e && ascii_isdigit(*p)) { p++; } @@ -510,26 +513,31 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len, emsgf(_("E474: Leading zeroes are not allowed: %.*s"), LENP(s, e)); goto parse_json_number_fail; } - if (p < e && p != ints && (*p == '.' || *p == 'e' || *p == 'E')) { - if (*p == '.') { + if (p >= e || p == ints) { + goto parse_json_number_check; + } + if (*p == '.') { + p++; + fracs = p; + while (p < e && ascii_isdigit(*p)) { p++; - fracs = p; - while (p < e && ascii_isdigit(*p)) { - p++; - } } - if (p < e && (*p == 'e' || *p == 'E')) { + if (p >= e || p == fracs) { + goto parse_json_number_check; + } + } + if (*p == 'e' || *p == 'E') { + p++; + exps_s = p; + if (p < e && (*p == '-' || *p == '+')) { + p++; + } + exps = p; + while (p < e && ascii_isdigit(*p)) { p++; - exps_s = p; - if (p < e && (*p == '-' || *p == '+')) { - p++; - } - exps = p; - while (p < e && ascii_isdigit(*p)) { - p++; - } } } +parse_json_number_check: if (p == ints) { emsgf(_("E474: Missing number after minus sign: %.*s"), LENP(s, e)); goto parse_json_number_fail; |