Issue #31 resolved

Array-bounds overflow with bad data

Anonymous created an issue

Array-bounds read problems when a bad string is passed to the parser.

For example, an input string that is NOT NUL-terminated, and has a partial string-value with a trailing single backslash.

const char *Input = "\"x\":\"va\\";

Specify input length as 8 characters. The code will attempt to reference Input[8] in jsmn.c at around line 120, where it tries to look at the characters after the backslash. Similarly, if there is an incomplete \uXXXX sequence, without trailing NUL, there will be a buffer overflow there.
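
A length-delimited string scanner that handles both cases from the report, as an added example (not jsmn's code and not part of the original post): it checks the index before reading the character after a backslash and before each digit of a \uXXXX escape. The names scan_string, SCAN_PARTIAL and SCAN_INVALID are hypothetical.

```c
#include <stddef.h>

/* Hypothetical result codes for this example (not jsmn's own enum). */
enum { SCAN_INVALID = -2, SCAN_PARTIAL = -3 };

static int is_hex(char c) {
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'f') ||
           (c >= 'A' && c <= 'F');
}

/*
 * Scan a JSON string whose opening quote is at js[start], reading only
 * js[0 .. len-1]; no NUL terminator is assumed. Returns the index of the
 * closing quote, SCAN_PARTIAL if the buffer ends before the string does,
 * or SCAN_INVALID on a malformed escape.
 */
long scan_string(const char *js, size_t len, size_t start) {
    size_t i;
    if (start >= len || js[start] != '"') return SCAN_INVALID;
    for (i = start + 1; i < len; i++) {
        char c = js[i];
        if (c == '"') return (long)i;
        if (c != '\\') continue;
        /* Bounds check BEFORE touching the character after the backslash. */
        if (++i >= len) return SCAN_PARTIAL;
        switch (js[i]) {
        case '"': case '/': case '\\': case 'b':
        case 'f': case 'n': case 'r': case 't':
            break;
        case 'u': {
            size_t k;
            /* Four hex digits, each read only while still inside the buffer. */
            for (k = 1; k <= 4; k++) {
                if (i + k >= len) return SCAN_PARTIAL;
                if (!is_hex(js[i + k])) return SCAN_INVALID;
            }
            i += 4;
            break;
        }
        default:
            return SCAN_INVALID;
        }
    }
    return SCAN_PARTIAL; /* ran out of input without a closing quote */
}
```

With the report's 8-byte input and the value string starting at index 4, this returns SCAN_PARTIAL no matter what byte follows the buffer.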
