diff options
| author | dan <Dan Kennedy> | 2024-01-29 15:30:35 +0000 |
|---|---|---|
| committer | dan <Dan Kennedy> | 2024-01-29 15:30:35 +0000 |
| commit | 7f9a1ff3f2f909773ea7861425046fc0286508f2 (patch) | |
| tree | 76817d9e76b115e085712053995d1c2e576c3c52 /src | |
| parent | 3fc7a34efc5b840c069a4d55f61f14b3d68df85b (diff) | |
| download | sqlite-7f9a1ff3f2f909773ea7861425046fc0286508f2.tar.gz sqlite-7f9a1ff3f2f909773ea7861425046fc0286508f2.zip | |
Avoid a potential buffer overread when handling corrupt json blobs.
FossilOrigin-Name: 738473dc0ac353731080d0785cc7dc9810b564906c176916bd91d6cfbb1a7b18
Diffstat (limited to 'src')
| -rw-r--r-- | src/json.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/json.c b/src/json.c index d69d96793..94f5a3ef9 100644 --- a/src/json.c +++ b/src/json.c @@ -2073,8 +2073,8 @@ static u32 jsonbPayloadSize(const JsonParse *pParse, u32 i, u32 *pSz){ (pParse->aBlob[i+7]<<8) + pParse->aBlob[i+8]; n = 9; } - if( i+sz+n > pParse->nBlob - && i+sz+n > pParse->nBlob-pParse->delta + if( (i64)i+sz+n > pParse->nBlob + && (i64)i+sz+n > pParse->nBlob-pParse->delta ){ sz = 0; n = 0; |