# HG changeset patch
# User jbe
# Date 1406761366 -7200
# Node ID 7b5c13fdc2ec47e0cd877cc042eae17123875372
# Parent 6d2bb696f736dab1ee55f08b03282bd8f3dd02a3
Reject arrays that exceed INT_MAX elements in JSON library
diff -r 6d2bb696f736 -r 7b5c13fdc2ec libraries/json/json.c
--- a/libraries/json/json.c Thu Jul 31 00:44:17 2014 +0200
+++ b/libraries/json/json.c Thu Jul 31 01:02:46 2014 +0200
@@ -121,6 +121,7 @@
 luaL_Buffer luabuf; // Lua buffer to decode JSON string values
 char *cbuf; // C buffer to decode JSON string values
 size_t writepos; // write position of decoded strings in C buffer
+ size_t arraylen; // variable to temporarily store the array length
 // stack shall contain one function argument:
 lua_settop(L, 1);
 // push objectmt onto stack position 2:
@@ -407,8 +408,16 @@
 goto json_import_loop;
 // an array value has been read:
 case JSON_STATE_ARRAY_VALUE:
+ // get current array length:
+ arraylen = lua_rawlen(L, -3);
+ // throw error if array would exceed INT_MAX elements:
+ // TODO: Lua 5.3 may support more elements
+ if (arraylen >= INT_MAX) {
+ lua_pushnil(L);
+ lua_pushfstring(L, "Array exceeded length of %d elements", INT_MAX);
+ }
 // store value in outer shadow table:
- lua_rawseti(L, -3, lua_rawlen(L, -3) + 1);
+ lua_rawseti(L, -3, arraylen + 1);
 // expect value terminator (or end of object) to follow:
 mode = JSON_STATE_ARRAY_SEPARATOR;
 // continue with loop
@@ -697,7 +706,7 @@
 #define json_ipairs_iterfunc_shadowtbl_idx 4
 static int json_ipairs_iterfunc(lua_State *L) {
- int idx;
+ lua_Integer idx;
 // stack shall contain two function arguments:
 lua_settop(L, 2);
 // push nullmark onto stack position 3:
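Review bot: The new length check in the `JSON_STATE_ARRAY_VALUE` case of libraries/json/json.c pushes nil and the error message but never leaves the function, so execution falls through to `lua_rawseti(L, -3, arraylen + 1)` with two extra values on the stack. At that point index -3 no longer refers to the shadow table but to the value that was just decoded, so the oversized array is not rejected and the store is applied to the wrong stack slot. The block presumably should hand the nil/message pair back the way the function's other error paths do (they lie outside this hunk), for example `return 2;` directly after the `lua_pushfstring` call, preceded by whatever cleanup those paths perform. `INT_MAX` also requires `<limits.h>`, and the hunk does not show whether the file already includes it.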