Check the unicode code point range before chr() is called

author: Kishin Yagami <k.yagami.suou@gmail.com> 2022-04-21 22:20:51 +0900
committer: Kishin Yagami <k.yagami.suou@gmail.com> 2022-04-21 22:20:51 +0900
commit: 6d7fb274abd1f7fdc9de00979217a6933eb76252 (patch)
tree: 9fe9ddcb2d2eab855c77a8916aab579b4d831ac5
parent: 02221b19672b1b35188080435c7360cd2d6af6fb (diff)
download: simplejson-6d7fb274abd1f7fdc9de00979217a6933eb76252.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/simplejson/decoder.py b/simplejson/decoder.py
index 7f0b056..1a8f772 100644
--- a/simplejson/decoder.py
+++ b/simplejson/decoder.py
@@ -109,6 +109,8 @@ def py_scanstring(s, end, encoding=None, strict=True,
                 uni = int(esc, 16)
             except ValueError:
                 raise JSONDecodeError(msg, s, end - 1)
+            if uni < 0 or uni > _maxunicode:
+                raise JSONDecodeError(msg, s, end - 1)
             end += 5
             # Check for surrogate pair on UCS-4 systems
             # Note that this will join high/low surrogate pairs
author	Kishin Yagami <k.yagami.suou@gmail.com>	2022-04-21 22:20:51 +0900
committer	Kishin Yagami <k.yagami.suou@gmail.com>	2022-04-21 22:20:51 +0900
commit	6d7fb274abd1f7fdc9de00979217a6933eb76252 (patch)
tree	9fe9ddcb2d2eab855c77a8916aab579b4d831ac5
parent	02221b19672b1b35188080435c7360cd2d6af6fb (diff)
download	simplejson-6d7fb274abd1f7fdc9de00979217a6933eb76252.tar.gz