[sr-dev] git:master:678b1a68: core: srjson - init vars and check scanned values

Module: kamailio Branch: master Commit: 678b1a68de86d9539adeaf0262d9735b8d435077 URL: https://github.com/kamailio/kamailio/commit/678b1a68de86d9539adeaf0262d9735… Author: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Committer: Daniel-Constantin Mierla &lt;miconda(a)gmail.com&gt; Date: 2023-12-18T12:04:10+01:00 core: srjson - init vars and check scanned values --- Modified: src/core/utils/srjson.c --- Diff: https://github.com/kamailio/kamailio/commit/678b1a68de86d9539adeaf0262d9735… Patch: https://github.com/kamailio/kamailio/commit/678b1a68de86d9539adeaf0262d9735… --- diff --git a/src/core/utils/srjson.c b/src/core/utils/srjson.c index 5960932f545..f339230232a 100644 --- a/src/core/utils/srjson.c +++ b/src/core/utils/srjson.c @@ -272,7 +272,10 @@ static const char *parse_string( *ptr2++ = '\t'; break; case 'u': /* transcode utf16 to utf8. */ - sscanf(ptr + 1, "%4x", &uc); + uc = 0; + if(sscanf(ptr + 1, "%4x", &uc) < 1) { + break; + } ptr += 4; /* get the unicode char. */ if((uc >= 0xDC00 && uc <= 0xDFFF) || uc == 0) @@ -283,8 +286,11 @@ static const char *parse_string( { if(ptr[1] != '\\' || ptr[2] != 'u') break; + uc2 = 0; //missing second - half of surrogate. - sscanf(ptr + 3, "%4x", &uc2); + if(sscanf(ptr + 3, "%4x", &uc2) < 1) { + break; + } ptr += 6; if(uc2 < 0xDC00 || uc2 > 0xDFFF) break;