Commit c4e07ae

Harden against size_t overflow in upb json decode
PiperOrigin-RevId: 941296469
1 parent 06076f5 commit c4e07ae

1 file changed

Lines changed: 2 additions & 0 deletions

upb/json/decode.c

@@ -431,6 +431,8 @@ static size_t jsondec_unicode(jsondec* d, char* out) {
431431
static void jsondec_resize(jsondec* d, char** buf, char** end, char** buf_end) {
432432
size_t oldsize = *buf_end - *buf;
433433
size_t len = *end - *buf;
434+
435+
jsondec_checkoom(d, oldsize <= SIZE_MAX / 2);
434436
size_t size = UPB_MAX(8, 2 * oldsize);
435437

436438
*buf = upb_Arena_Realloc(d->arena, *buf, len, size);
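
Review bot: the added `jsondec_checkoom(d, oldsize <= SIZE_MAX / 2);` at new line 435 has no comment saying what it protects, and the reason only becomes clear on the following line, `size_t size = UPB_MAX(8, 2 * oldsize);`, where `2 * oldsize` wraps for any `oldsize` above `SIZE_MAX / 2` and produces a `size` smaller than the buffer already handed to `upb_Arena_Realloc`. A one-line comment above the check, for example "guard 2 * oldsize against size_t wraparound", would keep a later refactor from separating the guard from the multiplication it covers. The hunk does not show the file's includes, so also confirm that `<stdint.h>` is in scope for `SIZE_MAX` in `upb/json/decode.c`.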
