Merge pull request json-c#325 from rouault/fix_stack_overflow_in_json…

…_object_double_to_json_string_format Fix stack buffer overflow in json_object_double_to_json_string_format()
shinae-woo · May 22, 2017 · e76ea37 · e76ea37
2 parents 6bd86d1 + 2c2deb8
commit e76ea37
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/json_object.c b/json_object.c
@@ -717,6 +717,8 @@ static int json_object_double_to_json_string_format(struct json_object* jso,
         format ? format : 
           (modf(jso->o.c_double, &dummy) == 0) ? "%.17g.0" : "%.17g",
           jso->o.c_double);
+  if(size < 0 || size >= (int)sizeof(buf))
+    size = (int)sizeof(buf);
 
   p = strchr(buf, ',');
   if (p) {