Merge pull request #390 from qwename/integer-overflow

🔀 fix issue #380: Signed integer overflow check

Merge pull request #390 from qwename/integer-overflow
🔀 fix issue #380: Signed integer overflow check
4e2fb1a5 · Niels Lohmann · GitHub · dfafd2c2 · 703d4baf · 4e2fb1a5
隐藏空白更改
内联并排

Showing with 12 addition and 12 deletion

src/json.hpp src/json.hpp +6 -6

src/json.hpp.re2c src/json.hpp.re2c +6 -6

未找到文件。
--- a/src/json.hpp
+++ b/src/json.hpp
@@ -10619,19 +10619,19 @@ basic_json_parser_66:
                // skip if definitely not an integer
                if (type != value_t::number_float)
                {
-                    // multiply last value by ten and add the new digit
-                    auto temp = value * 10 + *curptr - '0';
+                    auto digit = static_cast<number_unsigned_t>(*curptr - '0');

-                    // test for overflow
-                    if (temp < value || temp > max)
+                    // overflow if value * 10 + digit > max, move terms around
+                    // to avoid overflow in intermediate values
+                    if (value > (max - digit) / 10)
                    {
                        // overflow
                        type = value_t::number_float;
                    }
                    else
                    {
-                        // no overflow - save it
-                        value = temp;
+                        // no overflow
+                        value = value * 10 + digit;
                    }
                }
            }

--- a/src/json.hpp.re2c
+++ b/src/json.hpp.re2c
@@ -9769,19 +9769,19 @@ class basic_json
                // skip if definitely not an integer
                if (type != value_t::number_float)
                {
-                    // multiply last value by ten and add the new digit
-                    auto temp = value * 10 + *curptr - '0';
+                    auto digit = static_cast<number_unsigned_t>(*curptr - '0');

-                    // test for overflow
-                    if (temp < value || temp > max)
+                    // overflow if value * 10 + digit > max, move terms around
+                    // to avoid overflow in intermediate values
+                    if (value > (max - digit) / 10)
                    {
                        // overflow
                        type = value_t::number_float;
                    }
                    else
                    {
-                        // no overflow - save it
-                        value = temp;
+                        // no overflow
+                        value = value * 10 + digit;
                    }
                }
            }