json: Add overflow checks for integer and float parsing

Signed-off-by: Arun Raghavan <arun@arunraghavan.net>
2025-11-04 13:29:59 -05:00 · 2016-06-01 17:18:34 +05:30 · 2016-06-01 17:18:34 +05:30 · 777a5091f6
commit 777a5091f6
parent 708b4aac91
2 changed files with 21 additions and 0 deletions
--- a/src/pulse/json.c
+++ b/src/pulse/json.c
@ -211,6 +211,11 @@ static const char* parse_number(const char *str, pa_json_object *obj) {
    }
    while (is_digit(*str)) {
        if (integer > ((negative ? INT_MAX : UINT_MAX) / 10)) {
            pa_log("Integer overflow while parsing number");
            goto error;
        }
        integer = (integer * 10) + (*str - '0');
        str++;
    }
@ -221,6 +226,11 @@ fraction:
        str++;
        while (is_digit(*str)) {
            if (fraction > (UINT_MAX / 10)) {
                pa_log("Integer overflow while parsing fractional part of number");
                goto error;
            }
            fraction = (fraction * 10) + (*str - '0');
            fraction_digits++;
            str++;
@ -240,6 +250,11 @@ fraction:
            str++;
        while (is_digit(*str)) {
            if (exponent > (INT_MAX / 10)) {
                pa_log("Integer overflow while parsing exponent part of number");
                goto error;
            }
            exponent = (exponent * 10) + (*str - '0');
            str++;
        }
@ -258,6 +273,9 @@ fraction:
    }
    return str;
 error:
    return NULL;
 }
 static const char *parse_object(const char *str, pa_json_object *obj) {
--- a/src/tests/json-test.c
+++ b/src/tests/json-test.c
@ -220,6 +220,9 @@ START_TEST(bad_test) {
    unsigned int i;
    const char *bad_parse[] = {
        "\"" /* Quote not closed */,
        "123456789012345678901234567890" /* Overflow */,
        "0.123456789012345678901234567890" /* Overflow */,
        "1e123456789012345678901234567890" /* Overflow */,
    };
    for (i = 0; i < PA_ELEMENTSOF(bad_parse); i++) {