
Side by Side Diff: base/json/json_parser.cc

Issue 2712013003: Fix several potential buffer over-read errors in JSONParser::ConsumeNumber. (Closed)
Patch Set: CanConsume(1) Created 3 years, 10 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "base/json/json_parser.h" 5 #include "base/json/json_parser.h"
6 6
7 #include <cmath> 7 #include <cmath>
8 #include <utility> 8 #include <utility>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
(...skipping 662 matching lines...) Expand 10 before | Expand all | Expand 10 after
673 if (*pos_ == '-') 673 if (*pos_ == '-')
674 NextChar(); 674 NextChar();
675 675
676 if (!ReadInt(false)) { 676 if (!ReadInt(false)) {
677 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1); 677 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
678 return nullptr; 678 return nullptr;
679 } 679 }
680 end_index = index_; 680 end_index = index_;
681 681
682 // The optional fraction part. 682 // The optional fraction part.
683 if (*pos_ == '.') { 683 if (CanConsume(1) && *pos_ == '.') {
684 if (!CanConsume(1)) {
685 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
686 return nullptr;
687 }
688 NextChar(); 684 NextChar();
689 if (!ReadInt(true)) { 685 if (!ReadInt(true)) {
690 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1); 686 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
691 return nullptr; 687 return nullptr;
692 } 688 }
693 end_index = index_; 689 end_index = index_;
694 } 690 }
695 691
696 // Optional exponent part. 692 // Optional exponent part.
697 if (*pos_ == 'e' || *pos_ == 'E') { 693 if (CanConsume(1) && (*pos_ == 'e' || *pos_ == 'E')) {
698 NextChar(); 694 NextChar();
699 if (*pos_ == '-' || *pos_ == '+') 695 if (!CanConsume(1)) {
696 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
697 return nullptr;
698 }
699 if (*pos_ == '-' || *pos_ == '+') {
700 NextChar(); 700 NextChar();
701 if (!CanConsume(1)) {
dcheng 2017/02/24 22:38:17 Can this be handled by falling through to the Read
Robert Sesek 2017/02/24 23:01:29 Yup, done.
702 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
703 return nullptr;
704 }
705 }
701 if (!ReadInt(true)) { 706 if (!ReadInt(true)) {
702 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1); 707 ReportError(JSONReader::JSON_SYNTAX_ERROR, 1);
703 return nullptr; 708 return nullptr;
704 } 709 }
705 end_index = index_; 710 end_index = index_;
706 } 711 }
707 712
708 // ReadInt is greedy because numbers have no easily detectable sentinel, 713 // ReadInt is greedy because numbers have no easily detectable sentinel,
709 // so save off where the parser should be on exit (see Consume invariant at 714 // so save off where the parser should be on exit (see Consume invariant at
710 // the top of the header), then make sure the next token is one which is 715 // the top of the header), then make sure the next token is one which is
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
818 const std::string& description) { 823 const std::string& description) {
819 if (line || column) { 824 if (line || column) {
820 return StringPrintf("Line: %i, column: %i, %s", 825 return StringPrintf("Line: %i, column: %i, %s",
821 line, column, description.c_str()); 826 line, column, description.c_str());
822 } 827 }
823 return description; 828 return description;
824 } 829 }
825 830
826 } // namespace internal 831 } // namespace internal
827 } // namespace base 832 } // namespace base
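Review bot: After `NextChar()` on the leading `-` (new line 674) and on the `.` (new line 684), `ReadInt` is called with no `CanConsume(1)` check in between, whereas the exponent branch re-checks at new line 695 before it reads `*pos_`. `ReadInt` is not among the displayed lines, so whether it bounds-checks before its first read cannot be confirmed here; if it does, a comment such as `// pos_ may be at end of input here; ReadInt() checks bounds before reading.` at both call sites would record that dependency. Inputs that end immediately after `-`, `.`, `e` and the exponent sign are the cases worth pinning in json_parser_unittest.cc, which this view does not show. The enclosing function starts and ends in the skipped regions.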