On 6/23/22 6:14 PM, yla...@apache.org wrote:
> Author: ylavic
> Date: Thu Jun 23 16:14:41 2022
> New Revision: 1902207
> 
> URL: http://svn.apache.org/viewvc?rev=1902207&view=rev
> Log:
> apr_json_decode: Return APR_ENOSPC if a decoded array is above INT_MAX.
> 
> * json/apr_json_decode.c(apr_json_decode_array):
>   Return APR_ENOSPC should the int counter overflow.
>   
> 
> Modified:
>     apr/apr/trunk/json/apr_json_decode.c
> 
> Modified: apr/apr/trunk/json/apr_json_decode.c
> URL: 
> http://svn.apache.org/viewvc/apr/apr/trunk/json/apr_json_decode.c?rev=1902207&r1=1902206&r2=1902207&view=diff
> ==============================================================================
> --- apr/apr/trunk/json/apr_json_decode.c (original)
> +++ apr/apr/trunk/json/apr_json_decode.c Thu Jun 23 16:14:41 2022
> @@ -386,6 +386,10 @@ static apr_status_t apr_json_decode_arra
>              break;
>          }
>  
> +        if (count >= APR_INT32_MAX) {

Can INT_MAX and APR_INT32_MAX be different?

> +            return APR_ENOSPC;
> +        }
> +
>          if (APR_SUCCESS != (status = apr_json_decode_value(self, &element))) 
> {
>              return status;
>          }
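
Review bot: the guard added at `if (count >= APR_INT32_MAX)` uses a different constant from the one the log message names (INT_MAX, for an "int counter"), and the two are only equal on platforms where int is 32 bits wide. The declaration of count is not visible in this hunk; if it is a plain int, comparing against INT_MAX from <limits.h> would keep the bound tied to the variable's type, and if it is an apr_int32_t the log wording should say so instead. A one-line comment above the check stating that it stops the element counter from overflowing, plus a mention of APR_ENOSPC in the decoder's documented return values, would make the new failure mode visible to callers.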

Regards

Rüdiger
