webmcp

changeset 152:7b5c13fdc2ec

Reject arrays that exceed INT_MAX elements in JSON library
author jbe
date Thu Jul 31 01:02:46 2014 +0200 (2014-07-31)
parents 6d2bb696f736
children c8c91216255f
files libraries/json/json.c
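--- a/libraries/json/json.c	Thu Jul 31 00:44:17 2014 +0200
+++ b/libraries/json/json.c	Thu Jul 31 01:02:46 2014 +0200
@@ -121,6 +121,7 @@
   luaL_Buffer luabuf;  // Lua buffer to decode JSON string values
   char *cbuf;          // C buffer to decode JSON string values
   size_t writepos;     // write position of decoded strings in C buffer
+  size_t arraylen;     // variable to temporarily store the array length
   // stack shall contain one function argument:
   lua_settop(L, 1);
   // push objectmt onto stack position 2:
@@ -407,8 +408,16 @@
     goto json_import_loop;
   // an array value has been read:
   case JSON_STATE_ARRAY_VALUE:
+    // get current array length:
+    arraylen = lua_rawlen(L, -3);
+    // throw error if array would exceed INT_MAX elements:
+    // TODO: Lua 5.3 may support more elements
+    if (arraylen >= INT_MAX) {
+      lua_pushnil(L);
+      lua_pushfstring(L, "Array exceeded length of %d elements", INT_MAX);
+    }
     // store value in outer shadow table:
-    lua_rawseti(L, -3, lua_rawlen(L, -3) + 1);
+    lua_rawseti(L, -3, arraylen + 1);
     // expect value terminator (or end of object) to follow:
     mode = JSON_STATE_ARRAY_SEPARATOR;
     // continue with loop
@@ -697,7 +706,7 @@
 #define json_ipairs_iterfunc_shadowtbl_idx 4
 
 static int json_ipairs_iterfunc(lua_State *L) {
-  int idx;
+  lua_Integer idx;
   // stack shall contain two function arguments:
   lua_settop(L, 2);
   // push nullmark onto stack position 3: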
