!41 backport patch to fix integer overflow

From: @anonymous_z Reviewed-by: @yanan-rock Signed-off-by: @yanan-rock
2023-04-21 06:56:21 +00:00 · 2023-04-21 06:56:21 +00:00 · ebb1f33378
commit ebb1f33378
parent b0a5698322 48fab61885
2 changed files with 57 additions and 1 deletions
--- a/backport-Explicitly-check-for-integer-overflow-when-parsing.patch
+++ b/backport-Explicitly-check-for-integer-overflow-when-parsing.patch
@ -0,0 +1,52 @@
+From d6f46ae104871360f84695737864870c97adfd14 Mon Sep 17 00:00:00 2001
+From: Eric Haszlakiewicz <erh+git@nimenees.com>
+Date: Sun, 30 Oct 2022 19:29:15 +0000
+Subject: [PATCH] Explicitly check for integer overflow/underflow when 
+ parsing integers with JSON_TOKENER_STRICT.
+
+Reference:https://github.com/json-c/json-c/commit/d6f46ae104871360f84695737864870c97adfd14
+Conflict:Ignore changes in the ChangeLog and test because the pre-feature patch is not merged
+
+---
+ json_tokener.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/json_tokener.c b/json_tokener.c
+index 0c09b66..1feee65 100644
+--- a/json_tokener.c
+++ b/json_tokener.c
+@@ -17,6 +17,7 @@
+ 
+ #include "math_compat.h"
+ #include <assert.h>
+#include <errno.h>
+ #include <limits.h>
+ #include <math.h>
+ #include <stddef.h>
+@@ -991,6 +992,11 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ 				if (!tok->is_double && tok->pb->buf[0] == '-' &&
+ 				    json_parse_int64(tok->pb->buf, &num64) == 0)
+ 				{
+					if (errno == ERANGE && (tok->flags & JSON_TOKENER_STRICT))
+					{
+						tok->err = json_tokener_error_parse_number;
+						goto out;
+					}
+ 					current = json_object_new_int64(num64);
+ 					if (current == NULL)
+ 						goto out;
+@@ -998,6 +1004,11 @@ struct json_object *json_tokener_parse_ex(struct json_tokener *tok, const char *
+ 				else if (!tok->is_double && tok->pb->buf[0] != '-' &&
+ 				         json_parse_uint64(tok->pb->buf, &numuint64) == 0)
+ 				{
+					if(errno==ERANGE&&(tok->flags & JSON_TOKENER_STRICT))
+					{
+						tok->err=json_tokener_error_parse_number;
+						goto out;
+					}
+ 					if (numuint64 && tok->pb->buf[0] == '0' &&
+ 					    (tok->flags & JSON_TOKENER_STRICT))
+ 					{
+-- 
+2.27.0
+
--- a/json-c.spec
+++ b/json-c.spec
@ -6,7 +6,7 @@

 Name:           json-c
 Version:        0.16
-Release:        2
+Release:        3
 Summary:        JSON implementation in C

 License:        MIT
@ -18,6 +18,7 @@ BuildRequires:  cmake gcc ninja-build
 Patch6001:      backport-Add-test-to-check-for-the-memory-leak-mentioned-in-issue-781.patch
 Patch6002:      backport-Fix-memory-leak-with-emtpy-strings-in-json_object_set_string.patch
 Patch6003:      backport-json_object_from_fd_ex-fail-if-file-is-too-large.patch
+Patch6004:      backport-Explicitly-check-for-integer-overflow-when-parsing.patch

 %description
 JSON-C implements a reference counting object model that allows you
@ -105,6 +106,9 @@ end
 %doc %{_pkgdocdir}

 %changelog
+* Fri Apr 21 2023 zhangrui <zhangrui182@huawei.com> - 0.16-3
+- backport patch to fix integer overflow
+
 * Mon Nov 14 2022 mengkanglai <mengkanglai2@huawei.com> - 0.16-2
 - add backport-Add-test-to-check-for-the-memory-leak-mentioned-in-issue-781.patch
 - add backport-Fix-memory-leak-with-emtpy-strings-in-json_object_set_string.patch