Several issues occur if a string is longer than INT_MAX:

- The function json_object_get_string_len returns the length of a string as int. If the string is longer than INT_MAX, the result would be negative.
- That in turn would lead to possible out-of-bounds access when comparing these strings with memcmp and the returned length, as done in json_object_equal.
- If json_escape_str is called with such strings, out-of-bounds accesses can occur due to internal int handling (also fixed).
- The string cannot be printed out due to printbuffer limits at INT_MAX (which is still true after this commit).

Such huge strings can only be inserted through API calls at this point because input files are capped at INT_MAX anyway. Due to the huge amount of RAM needed to reproduce these issues, I have not added test cases.
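The following is an added example, not code from json-c or from the commit above. It models the first two points of the message with a hypothetical `str_obj` type (json-c's real structs and function names are not used): a length accessor that returns `int` wraps negative for lengths above INT_MAX, that negative value becomes an enormous `size_t` when it reaches `memcmp`, and the hardened comparison keeps lengths as `size_t` and checks them before touching the bytes. The oversized length is simulated with a NULL data pointer so the program runs without allocating gigabytes; only the length-handling paths are exercised for it.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical string object, standing in for a JSON string value.
 * The true length is a size_t and may exceed INT_MAX. */
struct str_obj {
    const char *data;
    size_t len;
};

/* Models the pre-fix accessor: the length is narrowed to int. For len > INT_MAX
 * the conversion is implementation-defined in C; on the usual two's-complement
 * compilers (gcc, clang) it wraps modulo 2^32 and comes back negative. */
int get_string_len_int(const struct str_obj *s)
{
    return (int)s->len;
}

/* The byte count memcmp would actually receive if that int were passed as its
 * size_t length argument: a negative int converts to a value near SIZE_MAX. */
size_t memcmp_len_from_int(int n)
{
    return (size_t)n;
}

/* Models the pre-fix comparison: unsafe if either length wrapped negative.
 * Returns -1 instead of calling memcmp when the int length is negative, so the
 * model itself never reads out of bounds; a caller that trusted the int would. */
int str_obj_equal_int_len(const struct str_obj *a, const struct str_obj *b)
{
    int la = get_string_len_int(a);
    int lb = get_string_len_int(b);
    if (la < 0 || lb < 0)
        return -1; /* real code had no such guard and would pass (size_t)la to memcmp */
    if (la != lb)
        return 0;
    return memcmp(a->data, b->data, (size_t)la) == 0;
}

/* Hardened comparison: size_t lengths end to end, lengths compared first, and
 * memcmp only ever asked for exactly the bytes both buffers hold. */
int str_obj_equal(const struct str_obj *a, const struct str_obj *b)
{
    if (a->len != b->len)
        return 0;
    if (a->len == 0)
        return 1;
    return memcmp(a->data, b->data, a->len) == 0;
}

int main(void)
{
    /* Constructed sample: a short pair of equal strings and one unequal string. */
    struct str_obj s1 = { "hello", 5 };
    struct str_obj s2 = { "hello", 5 };
    struct str_obj s3 = { "help!", 5 };
    /* Simulated oversized string: length only, no backing storage. */
    struct str_obj big = { NULL, (size_t)INT_MAX + 1 };

    int n = get_string_len_int(&big);
    printf("true length %zu narrows to int %d\n", big.len, n);
    printf("memcmp would be asked for %zu bytes\n", memcmp_len_from_int(n));
    printf("s1==s2: %d, s1==s3: %d\n", str_obj_equal(&s1, &s2), str_obj_equal(&s1, &s3));
    printf("int-length compare on big string: %d (negative length detected)\n",
           str_obj_equal_int_len(&big, &big));
    return 0;
}
```

The guard in `str_obj_equal_int_len` exists only so the model can be run safely; the point of the commit is that the original code had nothing between the wrapped `int` and `memcmp`, which is why the fix moves the length to `size_t` rather than adding a check on the narrowed value.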