summaryrefslogtreecommitdiff
path: root/src/pulse
diff options
context:
space:
mode:
authorArun Raghavan <arun@arunraghavan.net>2016-06-01 17:18:34 +0530
committerArun Raghavan <arun@arunraghavan.net>2016-06-22 21:04:47 +0530
commit777a5091f613d1a2cf67248e33da3a8961ab9bbb (patch)
treeb13b834c95cf22e4bdb49f3d70972663ba530feb /src/pulse
parent708b4aac91ce8220480df6a34ccb491be2b8d490 (diff)
json: Add overflow checks for integer and float parsing
Signed-off-by: Arun Raghavan <arun@arunraghavan.net>
Diffstat (limited to 'src/pulse')
-rw-r--r--src/pulse/json.c18
1 files changed, 18 insertions, 0 deletions
diff --git a/src/pulse/json.c b/src/pulse/json.c
index 6297902c..d77c7adc 100644
--- a/src/pulse/json.c
+++ b/src/pulse/json.c
@@ -211,6 +211,11 @@ static const char* parse_number(const char *str, pa_json_object *obj) {
}
while (is_digit(*str)) {
+ if (integer > ((negative ? INT_MAX : UINT_MAX) / 10)) {
+ pa_log("Integer overflow while parsing number");
+ goto error;
+ }
+
integer = (integer * 10) + (*str - '0');
str++;
}
@@ -221,6 +226,11 @@ fraction:
str++;
while (is_digit(*str)) {
+ if (fraction > (UINT_MAX / 10)) {
+ pa_log("Integer overflow while parsing fractional part of number");
+ goto error;
+ }
+
fraction = (fraction * 10) + (*str - '0');
fraction_digits++;
str++;
@@ -240,6 +250,11 @@ fraction:
str++;
while (is_digit(*str)) {
+ if (exponent > (INT_MAX / 10)) {
+ pa_log("Integer overflow while parsing exponent part of number");
+ goto error;
+ }
+
exponent = (exponent * 10) + (*str - '0');
str++;
}
@@ -258,6 +273,9 @@ fraction:
}
return str;
+
+error:
+ return NULL;
}
static const char *parse_object(const char *str, pa_json_object *obj) {