| author | 2022-02-03 00:37:12 +0100 | |
|---|---|---|
| committer | 2022-02-03 00:37:12 +0100 | |
| commit | bf44ba84846ba3fcc6b7ad24e820086fa4c2d8a0 (patch) | |
| tree | e657eb2fec27459e430d7a80e9d164216f3ee25d /src/jplist.c | |
| parent | de49a34b0b7e7fa9534086ab94af64786b9ecaa3 (diff) | |
jplist: Fix OOB read by making sure number of children is even
Credit to OSS-Fuzz
Diffstat (limited to 'src/jplist.c')
| -rw-r--r-- | src/jplist.c | 8 |
1 files changed, 6 insertions, 2 deletions
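--- a/src/jplist.c
+++ b/src/jplist.c
@@ -671,12 +671,16 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index)
 PLIST_JSON_ERR("%s: token type != JSMN_OBJECT\n", __func__);
 return NULL;
 }
-plist_t obj = plist_new_dict();
 int num_tokens = ti->tokens[*index].size;
 int num;
 int j = (*index)+1;
+if (num_tokens % 2 != 0) {
+PLIST_JSON_ERR("%s: number of children must be even\n", __func__);
+return NULL;
+}
+plist_t obj = plist_new_dict();
 for (num = 0; num < num_tokens; num++) {
-if (j >= ti->count) {
+if (j+1 >= ti->count) {
 PLIST_JSON_ERR("%s: token index out of valid range\n", __func__);
 plist_free(obj);
 return NULL;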
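Review bot: The tightened guard `if (j+1 >= ti->count)` inside the loop carries no comment saying why the bound is on `j+1`, so it reads like an off-by-one and is easy to "simplify" back to the old `j >= ti->count`. The commit title implies each iteration consumes a key token at `j` and its value at `j+1`, but that part of parse_object's loop body lies outside the hunk, so this is inferred. I would add above the check `/* each pair reads tokens[j] (key) and tokens[j+1] (value); both must lie below ti->count */`. The new evenness test likewise appears to assume the tokenizer counts keys and values as separate children in `size`; a one-line comment stating that next to `num_tokens % 2` would keep the check from silently rejecting valid objects if the tokenizer's counting ever changes.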
