Commits

Kirill Simonov  committed f859ed1

Guard against overflows in indent and flow_level.

  • Participants
  • Parent commits da9bc6f

Comments (0)

Files changed (2)

File src/scanner.c

  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark);
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark);
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column);
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column);
 
 /*
  * Token fetchers.
      */
 
     int required = (!parser->flow_level
-            && parser->indent == (int)parser->mark.column);
+            && parser->indent == (ptrdiff_t)parser->mark.column);
 
     /*
      * A simple key is required only when it is the first token in the current
 
     /* Increase the flow level. */
 
+    if (parser->flow_level == INT_MAX)
+        return 0;
+
     parser->flow_level++;
 
     return 1;
  */
 
 static int
-yaml_parser_roll_indent(yaml_parser_t *parser, int column,
-        int number, yaml_token_type_t type, yaml_mark_t mark)
+yaml_parser_roll_indent(yaml_parser_t *parser, ptrdiff_t column,
+        ptrdiff_t number, yaml_token_type_t type, yaml_mark_t mark)
 {
     yaml_token_t token;
 
         if (!PUSH(parser, parser->indents, parser->indent))
             return 0;
 
+        if (column > INT_MAX)
+            return 0;
+
         parser->indent = column;
 
         /* Create a token and insert it into the queue. */
 
 
 static int
-yaml_parser_unroll_indent(yaml_parser_t *parser, int column)
+yaml_parser_unroll_indent(yaml_parser_t *parser, ptrdiff_t column)
 {
     yaml_token_t token;
 

File src/yaml_private.h

 
 #include <assert.h>
 #include <limits.h>
+#include <stddef.h>
 
 /*
  * Memory management.