Thanks to visit codestin.com
Credit goes to github.com

Skip to content

json_parse_ex can write in unreserved memory #175

@ghost

Description

This code can easily writes outside of the memory passed to store the error message.

I think the description of the error report memory should be described in json_settings to avoid parameter proliferation, and should include both a (possibly NULL) pointer to said memory, plus a size indication of it (either by passing a endptr or a size_t, but something). Or even better, a classic pair of callback+userdara pointers, callback would only take the error message plus userdata.
I don't know what you would prefer, but currently I consider using the error report buffer as a bug, since there is no bound checking of any sort there, and using standard C methods (memcpy, strncpy, etc) would require to bump the requirements to C99.

I'm ok to write a simple patch to fix this if the preferred method is defined before (to avoid wasting time on a patch that would be rejected).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions