From cf38b7d17157ba674199238da776d822b184c154 Mon Sep 17 00:00:00 2001
From: "Serge A. Zaitsev" <zaitsev.serge@gmail.com>
Date: Mon, 17 Nov 2014 16:21:36 +0200
Subject: added js string boundaries checks for string parser, fixes issue #31;
 added tests to cover it; fixed makefile to use custom cflags/ldflags

---
 jsmn.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'jsmn.c')

diff --git a/jsmn.c b/jsmn.c
index 83353bd01..a0f4f69c6 100644
--- a/jsmn.c
+++ b/jsmn.c
@@ -113,8 +113,8 @@ static jsmnerr_t jsmn_parse_string(jsmn_parser *parser, const char *js,
 		}
 
 		/* Backslash: Quoted symbol expected */
-		if (c == '\\') {
-			int i = 0;
+		if (c == '\\' && parser->pos + 1 < len) {
+			int i;
 			parser->pos++;
 			switch (js[parser->pos]) {
 				/* Allowed escaped symbols */
@@ -124,7 +124,7 @@ static jsmnerr_t jsmn_parse_string(jsmn_parser *parser, const char *js,
 				/* Allows escaped symbol \uXXXX */
 				case 'u':
 					parser->pos++;
-					for(; i < 4 && js[parser->pos] != '\0'; i++) {
+					for(i = 0; i < 4 && parser->pos < len && js[parser->pos] != '\0'; i++) {
 						/* If it isn't a hex character we have an error */
 						if(!((js[parser->pos] >= 48 && js[parser->pos] <= 57) || /* 0-9 */
 									(js[parser->pos] >= 65 && js[parser->pos] <= 70) || /* A-F */
-- 
cgit v1.2.3