eval/decode: Make sure that parsing strings does not overflow

ZyX
2016-03-07 07:50:17 +03:00
parent 224d7df630
commit 52c6cc2189
2 changed files with 23 additions and 8 deletions


@@ -455,7 +455,7 @@ json_decode_string_cycle_start:
p += ch_len;
}
}
if (*p != '"') {
if (p == e || *p != '"') {
EMSG2(_("E474: Expected string end: %s"), buf);
goto json_decode_string_fail;
}
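Review bot: The added guard `p == e || *p != '"'` stops the dereference only when `p` lands exactly on `e`, but `p += ch_len` a few lines above can advance by more than one byte, and whether `ch_len` is bounded by the remaining length is decided outside this hunk. If a multi-byte step can carry `p` past `e`, the comparison should be `if (p >= e || *p != '"') {`. Separately, the error path still prints `buf` with `%s`, which reads until a NUL byte, while the accompanying tests pass an unterminated one-byte buffer; a length-bounded format such as `%.*s` with the buffer length would keep the message inside the buffer. The enclosing function starts and ends outside the hunk, so both points should be checked against the full loop.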


@@ -18,12 +18,16 @@ local decode = cimport('./src/nvim/eval/decode.h', './src/nvim/eval_defs.h',
describe('json_decode_string()', function()
after_each(function()
decode.emsg_silent = 0
decode.trylevel = 0
end)
local char = function(c)
return ffi.gc(decode.xmemdup(c, 1), decode.xfree)
end
it('does not overflow when running with `n…`, `t…`, `f…`', function()
local rettv = ffi.new('typval_T')
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
decode.emsg_silent = 1
rettv.v_type = decode.VAR_UNKNOWN
-- This will not crash, but if `len` argument will be ignored it will parse
-- `null` as `null` and if not it will parse `null` as `n`.
eq(0, decode.json_decode_string('null', 1, rettv))
@@ -49,12 +53,8 @@ describe('json_decode_string()', function()
end)
it('does not overflow and crash when running with `n`, `t`, `f`', function()
local rettv = ffi.new('typval_T')
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
decode.emsg_silent = 1
rettv.v_type = decode.VAR_UNKNOWN
local char = function(c)
return ffi.gc(decode.xmemdup(c, 1), decode.xfree)
end
eq(0, decode.json_decode_string(char('n'), 1, rettv))
eq(decode.VAR_UNKNOWN, rettv.v_type)
eq(0, decode.json_decode_string(char('t'), 1, rettv))
@@ -62,4 +62,19 @@ describe('json_decode_string()', function()
eq(0, decode.json_decode_string(char('f'), 1, rettv))
eq(decode.VAR_UNKNOWN, rettv.v_type)
end)
it('does not overflow when running with `"…`', function()
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
decode.emsg_silent = 1
eq(0, decode.json_decode_string('"t"', 2, rettv))
eq(decode.VAR_UNKNOWN, rettv.v_type)
eq(0, decode.json_decode_string('""', 1, rettv))
eq(decode.VAR_UNKNOWN, rettv.v_type)
end)
it('does not overflow and crash when running with `"`', function()
local rettv = ffi.new('typval_T', {v_type=decode.VAR_UNKNOWN})
eq(0, decode.json_decode_string(char('"'), 1, rettv))
eq(decode.VAR_UNKNOWN, rettv.v_type)
end)
end)
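Review bot: The last new test, 'does not overflow and crash when running with `"`', never sets `decode.emsg_silent = 1`, although the other new test and both edited tests do. That call is expected to fail with E474, so the message would presumably be formatted and emitted with the unterminated one-byte buffer from `char('"')`; adding `decode.emsg_silent = 1` after the `rettv` line would keep the test on the same path as its siblings. `after_each` now also resets `decode.trylevel = 0`, but nothing visible in this section sets it, so a short comment such as `-- reset in case a failed decode left trylevel changed` would explain why it is there.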