On 6/23/22 6:14 PM, yla...@apache.org wrote: > Author: ylavic > Date: Thu Jun 23 16:14:41 2022 > New Revision: 1902207 > > URL: http://svn.apache.org/viewvc?rev=1902207&view=rev > Log: > apr_json_decode: Return APR_ENOSPC if a decoded array is above INT_MAX. > > * json/apr_json_decode.c(apr_json_decode_array): > Return APR_ENOSPC should the int counter overflow. > > > Modified: > apr/apr/trunk/json/apr_json_decode.c > > Modified: apr/apr/trunk/json/apr_json_decode.c > URL: > http://svn.apache.org/viewvc/apr/apr/trunk/json/apr_json_decode.c?rev=1902207&r1=1902206&r2=1902207&view=diff > ============================================================================== > --- apr/apr/trunk/json/apr_json_decode.c (original) > +++ apr/apr/trunk/json/apr_json_decode.c Thu Jun 23 16:14:41 2022 > @@ -386,6 +386,10 @@ static apr_status_t apr_json_decode_arra > break; > } > > + if (count >= APR_INT32_MAX) { Can INT_MAX and APR_INT32_MAX be different? > + return APR_ENOSPC; > + } > + > if (APR_SUCCESS != (status = apr_json_decode_value(self, &element))) > { > return status; > } Regards RĂ¼diger