parent
56ac7908f1
commit
fba1bcdd0b
2 changed files with 7 additions and 1 deletions
|
@ -8915,7 +8915,7 @@ class basic_json
|
||||||
{
|
{
|
||||||
// avoid reading too many characters
|
// avoid reading too many characters
|
||||||
const size_t max_length = static_cast<size_t>(limit - start);
|
const size_t max_length = static_cast<size_t>(limit - start);
|
||||||
return std::string(start + offset, std::min({length, max_length}));
|
return std::string(start + offset, std::min({length, max_length - offset}));
|
||||||
}
|
}
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
|
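Review bot: The new bound `max_length - offset` wraps around if `offset` is ever larger than `max_length`, and in that case `start + offset` already points past `limit`, so `std::min` would fall back to `length` and the read would still leave the buffer. The hunk shows neither the type of `offset` nor whether callers guarantee `offset <= max_length`. If they do not, clamp first with `const size_t off = std::min<size_t>(offset, max_length);` and then `return std::string(start + off, std::min(length, max_length - off));`. The enclosing function starts above the hunk, so if that precondition is established there, an `assert(offset <= max_length);` next to the existing comment would document it instead.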
@ -1010,4 +1010,10 @@ TEST_CASE("regression tests")
|
||||||
CHECK(not(6 <= j["a"]));
|
CHECK(not(6 <= j["a"]));
|
||||||
CHECK(not(6 < j["a"]));
|
CHECK(not(6 < j["a"]));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
SECTION("issue #575 - heap-buffer-overflow (OSS-Fuzz 1400)")
|
||||||
|
{
|
||||||
|
std::vector<uint8_t> vec = {'"', '\\', '"', 'X', '"', '"'};
|
||||||
|
CHECK_THROWS_AS(json::parse(vec), json::parse_error);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
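Review bot: The new section checks only that `json::parse(vec)` throws `json::parse_error`, which does not show that no byte beyond the six elements of `vec` was read. An over-read like the one in issue #575 is usually observable only when the suite runs under AddressSanitizer or Valgrind, and the page does not show whether the test build does so. A comment above the vector would record that dependency, for example `// unterminated input with no trailing NUL; the over-read is only detectable in a sanitizer/Valgrind run`. It would also help to note that the bytes form an escaped quote inside a string followed by a stray opening quote, so the next reader does not have to decode the initializer list.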