patch 8.1.1355: obvious mistakes are accepted as valid expressions
Problem: Obvious mistakes are accepted as valid expressions.
Solution: Be more strict about parsing numbers. (Yasuhiro Matsumoto,
closes #3981)
diff --git a/src/json.c b/src/json.c
index 9fb6af0..8674bf2 100644
--- a/src/json.c
+++ b/src/json.c
@@ -452,7 +452,12 @@
nr = 0;
len = 0;
vim_str2nr(p + 2, NULL, &len,
- STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4);
+ STR2NR_HEX + STR2NR_FORCE, &nr, NULL, 4, TRUE);
+ if (len == 0)
+ {
+ ga_clear(&ga);
+ return FAIL;
+ }
p += len + 2;
if (0xd800 <= nr && nr <= 0xdfff
&& (int)(reader->js_end - p) >= 6
@@ -463,7 +468,12 @@
/* decode surrogate pair: \ud812\u3456 */
len = 0;
vim_str2nr(p + 2, NULL, &len,
- STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4);
+ STR2NR_HEX + STR2NR_FORCE, &nr2, NULL, 4, TRUE);
+ if (len == 0)
+ {
+ ga_clear(&ga);
+ return FAIL;
+ }
if (0xdc00 <= nr2 && nr2 <= 0xdfff)
{
p += len + 2;
@@ -783,7 +793,13 @@
vim_str2nr(reader->js_buf + reader->js_used,
NULL, &len, 0, /* what */
- &nr, NULL, 0);
+ &nr, NULL, 0, TRUE);
+ if (len == 0)
+ {
+ emsg(_(e_invarg));
+ retval = FAIL;
+ goto theend;
+ }
if (cur_item != NULL)
{
cur_item->v_type = VAR_NUMBER;