From 186680a5114727a705e36e242ce67e6da295759c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C9=B9=C9=90=C9=AFs=C7=9D=CA=8E?= Date: Tue, 3 Dec 2019 01:59:32 -0800 Subject: [PATCH] Guard against potential integer overflow (#133) * Guard against potential integer overflow If int res holds the value INT_MAX then adding 1 results in undefined behavior. To guard against this possibility, cast res to size_t, not the result of res + 1. Fixes #132 * Increments version. * More consitent parentheses when casting to size_t. --- CMakeLists.txt | 2 +- package.json | 2 +- parson.c | 6 +++--- parson.h | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index b63d9d9..f369d16 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ project(parson C) include (GNUInstallDirs) -set(PARSON_VERSION 1.0.1) +set(PARSON_VERSION 1.0.2) add_library(parson parson.c) target_include_directories(parson PUBLIC $) diff --git a/package.json b/package.json index b2876bc..b6953f1 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parson", - "version": "1.0.1", + "version": "1.0.2", "repo": "kgabis/parson", "description": "Small json parser and reader", "keywords": [ "json", "parser" ], diff --git a/parson.c b/parson.c index 621cc49..a8f1f61 100644 --- a/parson.c +++ b/parson.c @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: MIT - Parson 1.0.1 ( http://kgabis.github.com/parson/ ) + Parson 1.0.2 ( http://kgabis.github.com/parson/ ) Copyright (c) 2012 - 2019 Krzysztof Gabis Permission is hereby granted, free of charge, to any person obtaining a copy @@ -1496,7 +1496,7 @@ JSON_Value * json_value_deep_copy(const JSON_Value *value) { size_t json_serialization_size(const JSON_Value *value) { char num_buf[NUM_BUF_SIZE]; /* recursively allocating buffer on stack is a bad idea, so let's do it only once */ int res = json_serialize_to_buffer_r(value, NULL, 0, 0, num_buf); - return res < 0 ? 0 : (size_t)(res + 1); + return res < 0 ? 0 : (size_t)(res) + 1; } JSON_Status json_serialize_to_buffer(const JSON_Value *value, char *buf, size_t buf_size_in_bytes) { @@ -1556,7 +1556,7 @@ char * json_serialize_to_string(const JSON_Value *value) { size_t json_serialization_size_pretty(const JSON_Value *value) { char num_buf[NUM_BUF_SIZE]; /* recursively allocating buffer on stack is a bad idea, so let's do it only once */ int res = json_serialize_to_buffer_r(value, NULL, 0, 1, num_buf); - return res < 0 ? 0 : (size_t)(res + 1); + return res < 0 ? 0 : (size_t)(res) + 1; } JSON_Status json_serialize_to_buffer_pretty(const JSON_Value *value, char *buf, size_t buf_size_in_bytes) { diff --git a/parson.h b/parson.h index 606e4c4..c508dab 100644 --- a/parson.h +++ b/parson.h @@ -1,7 +1,7 @@ /* SPDX-License-Identifier: MIT - Parson 1.0.1 ( http://kgabis.github.com/parson/ ) + Parson 1.0.2 ( http://kgabis.github.com/parson/ ) Copyright (c) 2012 - 2019 Krzysztof Gabis Permission is hereby granted, free of charge, to any person obtaining a copy