diff options
author | Yann Ylavic <ylavic@apache.org> | 2022-06-23 16:14:41 +0000 |
---|---|---|
committer | Yann Ylavic <ylavic@apache.org> | 2022-06-23 16:14:41 +0000 |
commit | cc93b988ccb1e9f9f61ab039dcaca42c822489ab (patch) | |
tree | 22008eecf812ce99d32f24cdb337ac4f5b6603aa /json | |
parent | 850cc4f69639ac9f1c1c9767efaf4883ee3217ce (diff) | |
download | apr-cc93b988ccb1e9f9f61ab039dcaca42c822489ab.tar.gz |
apr_json_decode: Return APR_ENOSPC if a decoded array is above INT_MAX.
* json/apr_json_decode.c(apr_json_decode_array):
Return APR_ENOSPC should the int counter overflow.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902207 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'json')
-rw-r--r-- | json/apr_json_decode.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/json/apr_json_decode.c b/json/apr_json_decode.c index 565c5a7a9..460bcc83e 100644 --- a/json/apr_json_decode.c +++ b/json/apr_json_decode.c @@ -386,6 +386,10 @@ static apr_status_t apr_json_decode_array(apr_json_scanner_t * self, break; } + if (count >= APR_INT32_MAX) { + return APR_ENOSPC; + } + if (APR_SUCCESS != (status = apr_json_decode_value(self, &element))) { return status; } @@ -394,7 +398,6 @@ static apr_status_t apr_json_decode_array(apr_json_scanner_t * self, != (status = apr_json_array_add(array, element))) { return status; } - count++; if (self->p == self->e) { |