From cc93b988ccb1e9f9f61ab039dcaca42c822489ab Mon Sep 17 00:00:00 2001
From: Yann Ylavic <ylavic@apache.org>
Date: Thu, 23 Jun 2022 16:14:41 +0000
Subject: apr_json_decode: Return APR_ENOSPC if a decoded array is above
 INT_MAX.

* json/apr_json_decode.c(apr_json_decode_array):
  Return APR_ENOSPC should the int counter overflow.



git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1902207 13f79535-47bb-0310-9956-ffa450edef68
---
 json/apr_json_decode.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'json')

diff --git a/json/apr_json_decode.c b/json/apr_json_decode.c
index 565c5a7a9..460bcc83e 100644
--- a/json/apr_json_decode.c
+++ b/json/apr_json_decode.c
@@ -386,6 +386,10 @@ static apr_status_t apr_json_decode_array(apr_json_scanner_t * self,
             break;
         }
 
+        if (count >= APR_INT32_MAX) {
+            return APR_ENOSPC;
+        }
+
         if (APR_SUCCESS != (status = apr_json_decode_value(self, &element))) {
             return status;
         }
@@ -394,7 +398,6 @@ static apr_status_t apr_json_decode_array(apr_json_scanner_t * self,
                 != (status = apr_json_array_add(array, element))) {
             return status;
         }
-
         count++;
 
         if (self->p == self->e) {
-- 
cgit v1.2.1