diff options
| author | default <nobody@localhost> | 2023-05-15 10:31:15 +0200 |
|---|---|---|
| committer | default <nobody@localhost> | 2023-05-15 10:31:15 +0200 |
| commit | 59b049fe3b689eac6e028a9b5537bc593b9e3696 (patch) | |
| tree | f680a7a0ba9dd2eadabf897820ccda0a6638c00a | |
| parent | 08e43f2093b58dc4b44470fd3de268337855aed9 (diff) | |
Backport from xs.
| -rw-r--r-- | xs_json.h | 31 | ||||
| -rw-r--r-- | xs_version.h | 2 |
2 files changed, 26 insertions, 7 deletions
@@ -238,20 +238,39 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t) case 't': c = '\t'; break; case 'u': /* Unicode codepoint as an hex char */ s++; - memcpy(tmp, s, 4); - s += 3; + strncpy(tmp, s, 4); tmp[4] = '\0'; + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ + sscanf(tmp, "%04x", &i); if (i >= 0xd800 && i <= 0xdfff) { /* it's a surrogate pair */ cp = (i & 0x3ff) << 10; - /* skip to the next value */ - s += 3; - memcpy(tmp, s, 4); - s += 3; + /* skip to the next value (last char + \ + u) */ + s++; + if (memcmp(s, "\\u", 2) != 0) { + *t = JS_ERROR; + break; + } + s += 2; + + strncpy(tmp, s, 4); + tmp[4] = '\0'; + + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ sscanf(tmp, "%04x", &i); cp |= (i & 0x3ff); diff --git a/xs_version.h b/xs_version.h index 4c842e3..fce4f34 100644 --- a/xs_version.h +++ b/xs_version.h @@ -1 +1 @@ -/* 333e84c76cd0e51f9f98a36df2eb3bf81e0d2608 */ +/* 494e346f92431041350f72431417eee03a23eafd */ |