diff options
| author | default <nobody@localhost> | 2023-05-15 10:31:15 +0200 |
|---|---|---|
| committer | default <nobody@localhost> | 2023-05-15 10:31:15 +0200 |
| commit | 59b049fe3b689eac6e028a9b5537bc593b9e3696 (patch) | |
| tree | f680a7a0ba9dd2eadabf897820ccda0a6638c00a /xs_json.h | |
| parent | 08e43f2093b58dc4b44470fd3de268337855aed9 (diff) | |
Backport from xs.
Diffstat (limited to 'xs_json.h')
| -rw-r--r-- | xs_json.h | 31 |
1 files changed, 25 insertions, 6 deletions
@@ -238,20 +238,39 @@ static xs_val *_xs_json_loads_lexer(const char **json, js_type *t) case 't': c = '\t'; break; case 'u': /* Unicode codepoint as an hex char */ s++; - memcpy(tmp, s, 4); - s += 3; + strncpy(tmp, s, 4); tmp[4] = '\0'; + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ + sscanf(tmp, "%04x", &i); if (i >= 0xd800 && i <= 0xdfff) { /* it's a surrogate pair */ cp = (i & 0x3ff) << 10; - /* skip to the next value */ - s += 3; - memcpy(tmp, s, 4); - s += 3; + /* skip to the next value (last char + \ + u) */ + s++; + if (memcmp(s, "\\u", 2) != 0) { + *t = JS_ERROR; + break; + } + s += 2; + + strncpy(tmp, s, 4); + tmp[4] = '\0'; + + if (strlen(tmp) != 4) { + *t = JS_ERROR; + break; + } + + s += 3; /* skip as it was one byte */ sscanf(tmp, "%04x", &i); cp |= (i & 0x3ff); |