Fix issue #380: Signed integer overflow check
Instead of checking something like `x * y + z > max` where `x * y` can overflow, check for `x > (max - z) / y` instead.
This commit is contained in:
Yixin Zhang
parent
79fa8b2f41
commit
1e981115c9
2 changed files with 442 additions and 920 deletions
864
src/json.hpp
864
src/json.hpp
File diff suppressed because it is too large
Load diff
|
|
@ -9769,19 +9769,19 @@ class basic_json
|
||||||
// skip if definitely not an integer
|
// skip if definitely not an integer
|
||||||
if (type != value_t::number_float)
|
if (type != value_t::number_float)
|
||||||
{
|
{
|
||||||
// multiply last value by ten and add the new digit
|
auto digit = *curptr - '0';
|
||||||
auto temp = value * 10 + *curptr - '0';
|
|
||||||
|
|
||||||
// test for overflow
|
// overflow if value * 10 + digit > max, move terms around
|
||||||
if (temp < value || temp > max)
|
// to avoid overflow in intermediate values
|
||||||
|
if (value > (max - digit) / 10)
|
||||||
{
|
{
|
||||||
// overflow
|
// overflow
|
||||||
type = value_t::number_float;
|
type = value_t::number_float;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// no overflow - save it
|
// no overflow
|
||||||
value = temp;
|
value = value * 10 + digit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue