go.mod: github.com/buger/jsonparser v1.1.1
Fix CVE-2020-35381 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit is contained in:
Sebastiaan van Stijn
33
vendor/github.com/buger/jsonparser/bytes.go
generated
vendored
33
vendor/github.com/buger/jsonparser/bytes.go
generated
vendored
@ -1,9 +1,16 @@
|
||||
package jsonparser
|
||||
|
||||
// About 3x faster then strconv.ParseInt because does not check for range error and support only base 10, which is enough for JSON
|
||||
func parseInt(bytes []byte) (v int64, ok bool) {
|
||||
import (
|
||||
bio "bytes"
|
||||
)
|
||||
|
||||
// minInt64 '-9223372036854775808' is the smallest representable number in int64
|
||||
const minInt64 = `9223372036854775808`
|
||||
|
||||
// About 2x faster then strconv.ParseInt because it only supports base 10, which is enough for JSON
|
||||
func parseInt(bytes []byte) (v int64, ok bool, overflow bool) {
|
||||
if len(bytes) == 0 {
|
||||
return 0, false
|
||||
return 0, false, false
|
||||
}
|
||||
|
||||
var neg bool = false
|
||||
@ -12,17 +19,29 @@ func parseInt(bytes []byte) (v int64, ok bool) {
|
||||
bytes = bytes[1:]
|
||||
}
|
||||
|
||||
var b int64 = 0
|
||||
for _, c := range bytes {
|
||||
if c >= '0' && c <= '9' {
|
||||
v = (10 * v) + int64(c-'0')
|
||||
b = (10 * v) + int64(c-'0')
|
||||
} else {
|
||||
return 0, false
|
||||
return 0, false, false
|
||||
}
|
||||
if overflow = (b < v); overflow {
|
||||
break
|
||||
}
|
||||
v = b
|
||||
}
|
||||
|
||||
if overflow {
|
||||
if neg && bio.Equal(bytes, []byte(minInt64)) {
|
||||
return b, true, false
|
||||
}
|
||||
return 0, false, true
|
||||
}
|
||||
|
||||
if neg {
|
||||
return -v, true
|
||||
return -v, true, false
|
||||
} else {
|
||||
return v, true
|
||||
return v, true, false
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user