Mercurial > vim
diff src/json.c @ 16706:77bcb5055fec v8.1.1355
patch 8.1.1355: obvious mistakes are accepted as valid expressions
commit https://github.com/vim/vim/commit/16e9b85113e0b354ece1cb4f5fcc7866850f3685
Author: Bram Moolenaar <Bram@vim.org>
Date: Sun May 19 19:59:35 2019 +0200
patch 8.1.1355: obvious mistakes are accepted as valid expressions
Problem: Obvious mistakes are accepted as valid expressions.
Solution: Be more strict about parsing numbers. (Yasuhiro Matsumoto,
closes #3981)
author | Bram Moolenaar <Bram@vim.org> |
---|---|
date | Sun, 19 May 2019 20:00:09 +0200 |
parents | a2c598cbe220 |
children | 6fdb0ae0cac3 |
line wrap: on
line diff
--- a/src/json.c +++ b/src/json.c @@ -452,7 +452,12 @@ json_decode_string(js_read_T *reader, ty nr = 0; len = 0; vim_str2nr(p + 2, NULL, &len, - STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4); + STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4, TRUE); + if (len == 0) + { + ga_clear(&ga); + return FAIL; + } p += len + 2; if (0xd800 <= nr && nr <= 0xdfff && (int)(reader->js_end - p) >= 6 @@ -463,7 +468,12 @@ json_decode_string(js_read_T *reader, ty /* decode surrogate pair: \ud812\u3456 */ len = 0; vim_str2nr(p + 2, NULL, &len, - STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4); + STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4, TRUE); + if (len == 0) + { + ga_clear(&ga); + return FAIL; + } if (0xdc00 <= nr2 && nr2 <= 0xdfff) { p += len + 2; @@ -783,7 +793,13 @@ json_decode_item(js_read_T *reader, typv vim_str2nr(reader->js_buf + reader->js_used, NULL, &len, 0, /* what */ - &nr, NULL, 0); + &nr, NULL, 0, TRUE); + if (len == 0) + { + emsg(_(e_invarg)); + retval = FAIL; + goto theend; + } if (cur_item != NULL) { cur_item->v_type = VAR_NUMBER;