Mercurial > vim

diff src/json.c @ 16706:77bcb5055fec v8.1.1355

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
patch 8.1.1355: obvious mistakes are accepted as valid expressions commit https://github.com/vim/vim/commit/16e9b85113e0b354ece1cb4f5fcc7866850f3685 Author: Bram Moolenaar <Bram@vim.org> Date: Sun May 19 19:59:35 2019 +0200 patch 8.1.1355: obvious mistakes are accepted as valid expressions Problem: Obvious mistakes are accepted as valid expressions. Solution: Be more strict about parsing numbers. (Yasuhiro Matsumoto, closes #3981)
author Bram Moolenaar <Bram@vim.org>
date Sun, 19 May 2019 20:00:09 +0200
parents a2c598cbe220
children 6fdb0ae0cac3
line wrap: on
line diff
--- a/src/json.c
+++ b/src/json.c
@@ -452,7 +452,12 @@ json_decode_string(js_read_T *reader, ty
 		    nr = 0;
 		    len = 0;
 		    vim_str2nr(p + 2, NULL, &len,
-				     STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4);
+			     STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4, TRUE);
+		    if (len == 0)
+		    {
+			ga_clear(&ga);
+			return FAIL;
+		    }
 		    p += len + 2;
 		    if (0xd800 <= nr && nr <= 0xdfff
 			    && (int)(reader->js_end - p) >= 6
@@ -463,7 +468,12 @@ json_decode_string(js_read_T *reader, ty
 			/* decode surrogate pair: \ud812\u3456 */
 			len = 0;
 			vim_str2nr(p + 2, NULL, &len,
-				     STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4);
+			     STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4, TRUE);
+			if (len == 0)
+			{
+			    ga_clear(&ga);
+			    return FAIL;
+			}
 			if (0xdc00 <= nr2 && nr2 <= 0xdfff)
 			{
 			    p += len + 2;
@@ -783,7 +793,13 @@ json_decode_item(js_read_T *reader, typv
 
 			    vim_str2nr(reader->js_buf + reader->js_used,
 				    NULL, &len, 0, /* what */
-				    &nr, NULL, 0);
+				    &nr, NULL, 0, TRUE);
+			    if (len == 0)
+			    {
+				emsg(_(e_invarg));
+				retval = FAIL;
+				goto theend;
+			    }
 			    if (cur_item != NULL)
 			    {
 				cur_item->v_type = VAR_NUMBER;