Merge remote-tracking branch 'origin/master' into master

kstenerud · May 28, 2015 · 774b4fb · 774b4fb
2 parents db2e9d3 + 1561f1c
commit 774b4fb
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 2 deletions.
diff --git a/KSCrash.podspec b/KSCrash.podspec
@@ -1,6 +1,6 @@
 Pod::Spec.new do |s|
   s.name         = "KSCrash"
-  s.version      = "0.0.2"
+  s.version      = "0.0.4"
   s.summary      = "The Ultimate iOS Crash Reporter"
   s.homepage     = "https://github.com/kstenerud/KSCrash"
   s.license     = { :type => 'KSCrash license agreement', :file => 'LICENSE' }

diff --git a/Source/KSCrash-Tests/KSJSONCodec_Tests.m b/Source/KSCrash-Tests/KSJSONCodec_Tests.m
@@ -1491,4 +1491,26 @@ - (void) testDeserializeObjectWithNullIgnoreAllNulls
     XCTAssertTrue([result count] == 0, @"");
 }
 
+- (void) testFloatParsingDoesntOverflow
+{
+    NSError *error = (NSError*)self;
+
+    char * buffer = malloc(0x1000000);
+    for (int i = 0; i < 0x1000000; i++) {
+        buffer[i] = ';';
+    }
+
+    memcpy(buffer, "{\"test\":1.1}", 12);
+
+    NSData *data = [NSData dataWithBytesNoCopy:buffer length:0x1000000 freeWhenDone:YES];
+
+    NSDictionary *result = [KSJSONCodec decode: data
+                                    options:0
+                                         error:&error];
+    XCTAssertNotNil(result, @"");
+    XCTAssertNil(error, @"");
+    XCTAssertTrue([result count] == 1, @"");
+
+}
+
 @end
diff --git a/Source/KSCrash/Recording/KSCrashReport.c b/Source/KSCrash/Recording/KSCrashReport.c
@@ -51,6 +51,7 @@
 
 
 #ifdef __arm64__
+    #include <sys/_types/_ucontext64.h>
     #define UC_MCONTEXT uc_mcontext64
     typedef ucontext64_t SignalUserContext;
 #else

diff --git a/Source/KSCrash/Recording/Tools/KSJSONCodec.c b/Source/KSCrash/Recording/Tools/KSJSONCodec.c
@@ -1137,8 +1137,19 @@ int ksjsoncodec_i_decodeElement(const char** ptr,
                 return KSJSON_ERROR_INCOMPLETE;
             }
 
+            // our buffer is not necessarily NULL-terminated, so
+            // it would be undefined to call sscanf/sttod etc. directly.
+            // instead we create a temporary string.
             double value;
-            sscanf(start, "%lg", &value);
+            size_t len = (size_t)(*ptr - start);
+            char * buf = malloc(len + 1);
+            strncpy(buf, start, len);
+            buf[len] = '\0';
+
+            sscanf(buf, "%lg", &value);
+
+            free(buf);
+
             value *= sign;
             return callbacks->onFloatingPointElement(name, value, userData);
         }