Skip to content

R
rapidjson
Commit 6582160a authored by miloyip's avatar miloyip
Browse files
Options

Fix out-of-bound access in percent decode

parent bb0e8289
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 3 deletions
include/rapidjson/pointer.h
View file @ 6582160a
...@@ -425,7 +425,7 @@ private: ...@@ -425,7 +425,7 @@ private:
if (uriFragment) { if (uriFragment) {
// Decoding percent-encoding for URI fragment // Decoding percent-encoding for URI fragment
if (c == '%') { if (c == '%') {
PercentDecodeStream is(&source[i]); PercentDecodeStream is(&source[i], source + length);
GenericInsituStringStream<EncodingType> os(name); GenericInsituStringStream<EncodingType> os(name);
Ch* begin = os.PutBegin(); Ch* begin = os.PutBegin();
Transcoder<UTF8<>, EncodingType> transcoder; Transcoder<UTF8<>, EncodingType> transcoder;
...@@ -551,10 +551,11 @@ private: ...@@ -551,10 +551,11 @@ private:
class PercentDecodeStream { class PercentDecodeStream {
public: public:
PercentDecodeStream(const Ch* source) : src_(source), head_(source), valid_(true) {} PercentDecodeStream(const Ch* source, const Ch* end) : src_(source), head_(source), end_(end), valid_(true) {}
Ch Take() { Ch Take() {
if (*src_ != '%') { // %XX triplet
if (src_ + 3 > end_ || *src_ != '%') {
valid_ = false; valid_ = false;
return 0; return 0;
} }
...@@ -582,6 +583,7 @@ private: ...@@ -582,6 +583,7 @@ private:
private: private:
const Ch* src_; //!< Current read position. const Ch* src_; //!< Current read position.
const Ch* head_; //!< Original head of the string. const Ch* head_; //!< Original head of the string.
const Ch* end_;
bool valid_; bool valid_;
}; };
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment