prevent read beyond end of buffer when string ends with malformed utf

72e6e235 · Mike Jerris · 4fce9cce · 72e6e235
隐藏空白更改
内联并排

Showing with 3 addition and 2 deletion

cJSON.c cJSON.c +3 -2

未找到文件。
--- a/cJSON.c
+++ b/cJSON.c
@@ -422,8 +422,6 @@ static unsigned char utf16_literal_to_utf8(const unsigned char * const input_poi
    unsigned char utf8_length = 0;
    unsigned char sequence_length = 0;

-    /* get the first utf16 sequence */
-    first_code = parse_hex4(first_sequence + 2);
    if ((input_end - first_sequence) < 6)
    {
        /* input ends unexpectedly */
@@ -431,6 +429,9 @@ static unsigned char utf16_literal_to_utf8(const unsigned char * const input_poi
        goto fail;
    }

+    /* get the first utf16 sequence */
+    first_code = parse_hex4(first_sequence + 2);
+
    /* check that the code is valid */
    if (((first_code >= 0xDC00) && (first_code <= 0xDFFF)) || (first_code == 0))
    {