jplist: Prevent read of uninitialized value by checking the bounds beforehand

Credit to OSS-Fuzz
author: Nikias Bassen 2022-02-08 16:58:21 +0100
committer: Nikias Bassen 2022-02-08 16:58:21 +0100
commit: d6026ca0e878ede5c1bd2be7c74fc0827e83824e (patch)
tree: 9822190d41679062c338a2ebb18dcd7b08e4be38
parent: 19c17052d6cf9fe29039a1869b799efc0b687dc3 (diff)
download: libplist-d6026ca0e878ede5c1bd2be7c74fc0827e83824e.tar.gz
libplist-d6026ca0e878ede5c1bd2be7c74fc0827e83824e.tar.bz2
1 files changed, 2 insertions, 2 deletions
diff --git a/src/jplist.c b/src/jplist.c
index 6c6e331..e965870 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -486,7 +486,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
        val = plist_new_node(data);
    } else if (isdigit(str_val[0]) || (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {
        char* endp = (char*)str_val;
-        long long intpart = parse_decimal(str_val, str_end, &endp);
+        int64_t intpart = parse_decimal(str_val, str_end, &endp);
        if (endp >= str_end) {
            /* integer */
            val = plist_new_uint((uint64_t)intpart);
@@ -501,7 +501,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
                    int is_neg = (str_val[0] == '-');
                    double frac = 0;
                    double p = 0.1;
-                    while (isdigit(*fendp) && fendp < str_end) {
+                    while (fendp < str_end && isdigit(*fendp)) {
                        frac = frac + (*fendp - '0') * p;
                        p *= 0.1;
                        fendp++;
author	Nikias Bassen	2022-02-08 16:58:21 +0100
committer	Nikias Bassen	2022-02-08 16:58:21 +0100
commit	d6026ca0e878ede5c1bd2be7c74fc0827e83824e (patch)
tree	9822190d41679062c338a2ebb18dcd7b08e4be38
parent	19c17052d6cf9fe29039a1869b799efc0b687dc3 (diff)
download	libplist-d6026ca0e878ede5c1bd2be7c74fc0827e83824e.tar.gz libplist-d6026ca0e878ede5c1bd2be7c74fc0827e83824e.tar.bz2

diff --git a/src/jplist.c b/src/jplist.c index 6c6e331..e965870 100644 --- a/src/jplist.c +++ b/src/jplist.c
@@ -486,7 +486,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
486	val = plist_new_node(data);	486	val = plist_new_node(data);
487	} else if (isdigit(str_val[0]) \|\| (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {	487	} else if (isdigit(str_val[0]) \|\| (str_val[0] == '-' && str_end > str_val && isdigit(str_val[1]))) {
488	char* endp = (char*)str_val;	488	char* endp = (char*)str_val;
489	long long intpart = parse_decimal(str_val, str_end, &endp);	489	int64_t intpart = parse_decimal(str_val, str_end, &endp);
490	if (endp >= str_end) {	490	if (endp >= str_end) {
491	/* integer */	491	/* integer */
492	val = plist_new_uint((uint64_t)intpart);	492	val = plist_new_uint((uint64_t)intpart);
@@ -501,7 +501,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index)
501	int is_neg = (str_val[0] == '-');	501	int is_neg = (str_val[0] == '-');
502	double frac = 0;	502	double frac = 0;
503	double p = 0.1;	503	double p = 0.1;
504	while (isdigit(*fendp) && fendp < str_end) {	504	while (fendp < str_end && isdigit(*fendp)) {
505	frac = frac + (fendp - '0') p;	505	frac = frac + (fendp - '0') p;
506	p *= 0.1;	506	p *= 0.1;
507	fendp++;	507	fendp++;