From 61834297d7380cf2b211b557f1b10f45150aa1ea Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 25 Oct 2023 08:57:39 +0200 Subject: global-functions: $ParseJson: prevent infinite loop... ... which could happen on corrupted or truncated input. --- global-functions.rsc | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/global-functions.rsc b/global-functions.rsc index 443771d..12e13fe 100644 --- a/global-functions.rsc +++ b/global-functions.rsc @@ -700,6 +700,7 @@ :set ParseJson do={ :local Input [ :tostr $1 ]; + :local InLen; :local Return ({}); :local Skip 0; @@ -707,8 +708,9 @@ :set Input [ :pick $Input 1 ([ :len $Input ] - 1) ]; } :set Input [ :toarray $Input ]; + :set InLen [ :len $Input ]; - :for I from=0 to=[ :len $Input ] do={ + :for I from=0 to=$InLen do={ :if ($Skip > 0 || $Input->$I = "\n" || $Input->$I = "\r\n") do={ :if ($Skip > 0) do={ :set $Skip ($Skip - 1); @@ -735,7 +737,7 @@ :set ValX [ :pick $ValX 0 ([ :len $ValX ] - 1) ]; } :set ($Return->$Key) (($Return->$Key), $ValX); - } while=($Last = false); + } while=($Last = false && $I + $Skip < $InLen); :set Done true; } :if ($Done = false && $Val1 = ":[]") do={ -- cgit v1.2.3-70-g09d2