🐛 fixing #575
I forgot to consider the offset.
nlohmann committed May 7, 2017
1 parent 56ac790 commit fba1bcd
Showing 2 changed files with 7 additions and 1 deletion.
2 changes: 1 addition & 1 deletion src/json.hpp
Expand Up @@ -8915,7 +8915,7 @@ class basic_json
{
// avoid reading too many characters
const size_t max_length = static_cast<size_t>(limit - start);
return std::string(start + offset, std::min({length, max_length}));
return std::string(start + offset, std::min({length, max_length - offset}));
}

private:
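Review bot: the new bound `max_length - offset` in the return statement is computed without checking that `offset <= max_length`. Since `max_length` is a `size_t`, an offset larger than `limit - start` makes the subtraction wrap to a very large value, `std::min` then picks `length`, and `start + offset` already points past `limit`, so the over-read this line is meant to prevent is possible again. Consider returning an empty string (or asserting) when `offset >= max_length` before taking the difference, and updating the "avoid reading too many characters" comment to say the remaining length is measured from `start + offset`, not from `start`.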
6 changes: 6 additions & 0 deletions test/src/unit-regression.cpp
Expand Up @@ -1010,4 +1010,10 @@ TEST_CASE("regression tests")
CHECK(not(6 <= j["a"]));
CHECK(not(6 < j["a"]));
}

SECTION("issue #575 - heap-buffer-overflow (OSS-Fuzz 1400)")
{
std::vector<uint8_t> vec = {'"', '\\', '"', 'X', '"', '"'};
CHECK_THROWS_AS(json::parse(vec), json::parse_error);
}
}
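Review bot: the new section only asserts the exception type with `CHECK_THROWS_AS(json::parse(vec), json::parse_error)`, which does not observe an out-of-bounds read by itself. A heap-buffer-overflow of this kind is normally only caught when the suite runs under AddressSanitizer, so in a plain build this check may pass with or without the fix. Consider also pinning the expected error text with `CHECK_THROWS_WITH`, so a wrongly sized token string changes the result, and add a short comment saying which bytes of `vec` exercise the non-zero offset and that the test relies on a sanitizer build to detect a regression.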
