diff options
| author |  Nikias Bassen | 2022-02-15 04:30:07 +0100 |
|---|---|---|
| committer | Nikias Bassen | 2022-02-15 04:30:07 +0100 |
| commit | 106c4ee7f53ef800a82fce9638f29756e8b78640 (patch) | |
| tree | 059cc4eb656ef5cc44da4084e387f60aec62ce62 /src | |
| parent | 38759317cbda07288f48268cf0c1bebaf54ef869 (diff) | |
| download | libplist-106c4ee7f53ef800a82fce9638f29756e8b78640.tar.gz libplist-106c4ee7f53ef800a82fce9638f29756e8b78640.tar.bz2 | |
jplist: Fix another OOB read by using correct bounds check
Credit to OSS-Fuzz
Diffstat (limited to 'src')
| -rw-r--r-- | src/jplist.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/jplist.c b/src/jplist.c index 978c5f9..45f0544 100644 --- a/src/jplist.c +++ b/src/jplist.c | |||
| @@ -490,7 +490,7 @@ static plist_t parse_primitive(const char* js, jsmntok_info_t* ti, int* index) | |||
| 490 | if (endp >= str_end) { | 490 | if (endp >= str_end) { |
| 491 | /* integer */ | 491 | /* integer */ |
| 492 | val = plist_new_uint((uint64_t)intpart); | 492 | val = plist_new_uint((uint64_t)intpart); |
| 493 | } else if ((*endp == '.' && endp+1 < str_end && isdigit(*(endp+1))) || ((*endp == 'e' || *endp == 'E') && endp < str_end && (isdigit(*(endp+1)) || ((*(endp+1) == '-') && endp+1 < str_end && isdigit(*(endp+2)))))) { | 493 | } else if ((*endp == '.' && endp+1 < str_end && isdigit(*(endp+1))) || ((*endp == 'e' || *endp == 'E') && endp+1 < str_end && (isdigit(*(endp+1)) || ((*(endp+1) == '-') && endp+2 < str_end && isdigit(*(endp+2)))))) { |
| 494 | /* floating point */ | 494 | /* floating point */ |
| 495 | double dval = (double)intpart; | 495 | double dval = (double)intpart; |
| 496 | char* fendp = endp; | 496 | char* fendp = endp; |