author | ZyX <kp-pav@yandex.ru> | 2016-03-07 07:10:38 +0300 |
---|---|---|
committer | ZyX <kp-pav@yandex.ru> | 2016-04-18 02:48:20 +0300 |
commit | 4eb5d05f018bc568580c85f17ddb304fcec364ca (patch) | |
tree | 012fd9a854f1febe2879252ee3d34775b04919fd /src | |
parent | 4a29995fe74ed95c641ef40c68d8a4223e90cccf (diff) | |
eval/decode: Avoid overflow when parsing incomplete null/true/false
Note: second test does not crash or produce asan errors, even though it should.
Diffstat (limited to 'src')
-rw-r--r-- | src/nvim/eval/decode.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/nvim/eval/decode.c b/src/nvim/eval/decode.c
index fc6e912c20..35e8421716 100644
--- a/src/nvim/eval/decode.c
+++ b/src/nvim/eval/decode.c
@@ -334,7 +334,7 @@ json_decode_string_cycle_start:
 continue;
 }
 case 'n': {
- if (strncmp(p + 1, "ull", 3) != 0) {
+ if ((p + 3) >= e || strncmp(p + 1, "ull", 3) != 0) {
 EMSG2(_("E474: Expected null: %s"), p);
 goto json_decode_string_fail;
 }
@@ -347,7 +347,7 @@ json_decode_string_cycle_start:
 break;
 }
 case 't': {
- if (strncmp(p + 1, "rue", 3) != 0) {
+ if ((p + 3) >= e || strncmp(p + 1, "rue", 3) != 0) {
 EMSG2(_("E474: Expected true: %s"), p);
 goto json_decode_string_fail;
 }
@@ -360,7 +360,7 @@ json_decode_string_cycle_start:
 break;
 }
 case 'f': {
- if (strncmp(p + 1, "alse", 4) != 0) {
+ if ((p + 4) >= e || strncmp(p + 1, "alse", 4) != 0) {
 EMSG2(_("E474: Expected false: %s"), p);
 goto json_decode_string_fail;
 }
 |
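Review bot: The error path taken when the new length check fails still prints `p` with `%s` in `EMSG2(_("E474: Expected null: %s"), p);`, so if the input is delimited by `e` rather than NUL-terminated (the need for this check suggests so, but the buffer setup is outside the hunk), building the message can read past the end just as the `strncmp` did. Bounding the print to the remaining bytes would close that, for example a `%.*s` format given `(int)(e - p), p`, assuming a message call that accepts the extra length argument is available. The same applies to the `case 't'` and `case 'f'` hunks. Separately, `(p + 3) >= e` can form a pointer more than one past the end of the buffer, which is undefined in C; `e - p < 4` (and `e - p < 5` for `false`) states the same bound without it. The enclosing function starts and ends outside these hunks.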