Skip to content

Commit

Permalink
🚑 fix for #405
Browse files Browse the repository at this point in the history
  • Loading branch information
@nlohmann
nlohmann committed Dec 29, 2016
1 parent 8381cd6 commit 871ceba
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/json.hpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6871,6 +6871,12 @@ class basic_json
{
throw std::out_of_range("len+offset out of range");
}

// last case: reading past the end of the vector
if (len + offset > size)
{
throw std::out_of_range("len+offset out of range");
}
}

/*!
Expand Down
6 changes: 6 additions & 0 deletions src/json.hpp.re2c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6871,6 +6871,12 @@ class basic_json
{
throw std::out_of_range("len+offset out of range");
}

// last case: reading past the end of the vector
if (len + offset > size)
{
throw std::out_of_range("len+offset out of range");
}
}

/*!
Expand Down
7 changes: 7 additions & 0 deletions test/src/unit-regression.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -540,4 +540,11 @@ TEST_CASE("regression tests")
CHECK(j.is_number_float());
CHECK(j.dump() == "1.66020696663386e+20");
}

SECTION("issue #405 - Heap-buffer-overflow (OSS-Fuzz issue 342)")
{
// original test case
std::vector<uint8_t> vec {0x65, 0xf5, 0x0a, 0x48, 0x21};
CHECK_THROWS_AS(json::from_cbor(vec), std::out_of_range);
}
}

0 comments on commit 871ceba

Please sign in to comment.