From d06c2a1b1846a96a45625ad5472a235b2d249933 Mon Sep 17 00:00:00 2001 From: ZyX Date: Thu, 10 Mar 2016 01:06:43 +0300 Subject: eval/decode: Do not overflow when parsing `-` MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Also makes if’s less nested. --- src/nvim/eval/decode.c | 38 +++++++++++++++++++++++--------------- 1 file changed, 23 insertions(+), 15 deletions(-) (limited to 'src') diff --git a/src/nvim/eval/decode.c b/src/nvim/eval/decode.c index 1303e288c3..2e9bf8fbac 100644 --- a/src/nvim/eval/decode.c +++ b/src/nvim/eval/decode.c @@ -503,6 +503,9 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len, p++; } ints = p; + if (p >= e) { + goto parse_json_number_check; + } while (p < e && ascii_isdigit(*p)) { p++; } @@ -510,26 +513,31 @@ static inline int parse_json_number(const char *const buf, const size_t buf_len, emsgf(_("E474: Leading zeroes are not allowed: %.*s"), LENP(s, e)); goto parse_json_number_fail; } - if (p < e && p != ints && (*p == '.' || *p == 'e' || *p == 'E')) { - if (*p == '.') { + if (p >= e || p == ints) { + goto parse_json_number_check; + } + if (*p == '.') { + p++; + fracs = p; + while (p < e && ascii_isdigit(*p)) { p++; - fracs = p; - while (p < e && ascii_isdigit(*p)) { - p++; - } } - if (p < e && (*p == 'e' || *p == 'E')) { + if (p >= e || p == fracs) { + goto parse_json_number_check; + } + } + if (*p == 'e' || *p == 'E') { + p++; + exps_s = p; + if (p < e && (*p == '-' || *p == '+')) { + p++; + } + exps = p; + while (p < e && ascii_isdigit(*p)) { p++; - exps_s = p; - if (p < e && (*p == '-' || *p == '+')) { - p++; - } - exps = p; - while (p < e && ascii_isdigit(*p)) { - p++; - } } } +parse_json_number_check: if (p == ints) { emsgf(_("E474: Missing number after minus sign: %.*s"), LENP(s, e)); goto parse_json_number_fail; -- cgit