fix buffer overrun

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@34667 72102866-910b-0410-8b05-ffd578937521
2025-04-22 16:33:29 +00:00 · 2012-01-30 15:26:09 +00:00 · 2012-01-30 15:26:09 +00:00 · e138bc1db8
commit e138bc1db8
parent 35a9ba1cd6
2 changed files with 19 additions and 6 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2012-01-30  Richard Frith-Macdonald <rfm@gnu.org>
+
+	* Source/NSJSONSerialization.m:
+	Fix buffer overrun reported by Lubomir Rintel <lubo.rintel@gooddata.com>
+
 2012-01-30  Richard Frith-Macdonald <rfm@gnu.org>

 	* Source/NSKeyValueCoding.m:
--- a/Source/NSJSONSerialization.m
+++ b/Source/NSJSONSerialization.m
@ -147,9 +147,16 @@ updateStreamBuffer(ParserState* state)
 		  [stream read: &bytes[++i] maxLength: 1];
 		}
 	      while (bytes[i] & 0xf);
-	      str = [[NSString alloc] initWithUTF8String: (char*)bytes];
-	      [str getCharacters: state->buffer range: NSMakeRange(0,1)];
-	      [str release];
+	      if (0 == i)
+		{
+		  state->buffer[0] = bytes[0];
+		}
+	      else
+		{
+		  str = [[NSString alloc] initWithUTF8String: (char*)bytes];
+		  [str getCharacters: state->buffer range: NSMakeRange(0,1)];
+		  [str release];
+		}
 	      break;
 	    }
 	  case NSUTF32LittleEndianStringEncoding:
@ -273,7 +280,7 @@ NS_RETURNS_RETAINED static NSString*
 parseString(ParserState *state)
 {
  NSMutableString *val = nil;
-  unichar buffer[64];
+  unichar buffer[BUFFER_SIZE];
  int bufferIndex = 0;
  unichar next;

@ -331,12 +338,13 @@ parseString(ParserState *state)
            }
        }
      buffer[bufferIndex++] = next;
-      if (bufferIndex >= 64)
+      if (bufferIndex >= BUFFER_SIZE)
        {
          NSMutableString *str;

          str = [[NSMutableString alloc] initWithCharacters: buffer
-						     length: 64];
+						     length: bufferIndex];
+	  bufferIndex = 0;
          if (nil == val)
            {
              val = str;