generic-library/jsoncpp
1
0
Fork 0
mirror of https://github.com/open-source-parsers/jsoncpp.git synced 2025-06-08 17:30:13 +02:00
Code Issues Projects Releases Wiki Activity

Fixed bug #3139678: stack buffer overflow when parsing a double with a length of 32 characters.

Browse Source
This commit is contained in:
Baptiste Lepilleur 2011-05-01 15:47:38 +00:00
parent 9c98f2277b
commit 99043b32b5
2 changed files with 9 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
NEWS.txt
View File

@ -3,8 +3,9 @@
* Compilation * Compilation
- LD_LIBRARY_PATH and LIBRARY_PATH environment variables are now propagated to the build - LD_LIBRARY_PATH and LIBRARY_PATH environment variables are now
environment as this is required for some compiler installation. propagated to the build environment as this is required for some
compiler installation.
- Added support for Microsoft Visual Studio 2008 (bug #2930462): - Added support for Microsoft Visual Studio 2008 (bug #2930462):
The platform "msvc90" has been added. The platform "msvc90" has been added.
@ -70,8 +71,11 @@
* Bug fixes * Bug fixes
- Bug #3139677: JSON [1 2 3] was incorrectly parsed as [1, 3]. Error is now correctly - Bug #3139677: JSON [1 2 3] was incorrectly parsed as [1, 3]. Error is now
detected. correctly detected.
- Bug #3139678: stack buffer overflow when parsing a double with a
length of 32 characters.
* License * License

2
src/lib_json/json_reader.cpp
View File

@ -610,7 +610,7 @@ Reader::decodeDouble( Token &token )
int length = int(token.end_ - token.start_); int length = int(token.end_ - token.start_);
if ( length <= bufferSize ) if ( length <= bufferSize )
{ {
Char buffer[bufferSize]; Char buffer[bufferSize+1];
memcpy( buffer, token.start_, length ); memcpy( buffer, token.start_, length );
buffer[length] = 0; buffer[length] = 0;
count = sscanf( buffer, "%lf", &value ); count = sscanf( buffer, "%lf", &value );