mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-03-24 15:39:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix CVE-2020-12762.

Browse Source 
This commit is a squashed backport of the following commits
on the master branch:

  * 099016b7e8
  * 77d935b7ae
  * d07b910149
  * 519dfe1591
  * a59d5acfab
This commit is contained in:
Björn Esser
2020-05-14 12:32:30 +02:00
parent 0daf8dc826
commit 865b5a6519
5 changed files with 74 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
arraylist.c
View File

@@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *arr, size_t idx, size_t count )
{
size_t i, stop;
/* Avoid overflow in calculation with large indices. */
if (idx > SIZE_T_MAX - count)
return -1;
stop = idx + count;
if ( idx >= arr->length || stop > arr->length ) return -1;
for ( i = idx; i < stop; ++i ) {