Message ID | 1553169472-25325-1-git-send-email-liam.merwick@oracle.com (mailing list archive) |
---|---|
State | New, archived |
Series | json: Fix off-by-one assert check in next_state() |
Liam Merwick <liam.merwick@oracle.com> wrote on Thu, Mar 21, 2019 at 8:04 PM: > The assert checking if the value of lexer->state in next_state(), > which is used as an index to the 'json_lexer' array, incorrectly > checks for an index value less than or equal to ARRAY_SIZE(json_lexer). > Fix assert so that it just checks for an index less than the array size. > > Signed-off-by: Liam Merwick <liam.merwick@oracle.com> > Reviewed-by: Li Qiang <liq3ea@gmail.com> > --- > qobject/json-lexer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c > index a7df2093aa30..632320d72d5d 100644 > --- a/qobject/json-lexer.c > +++ b/qobject/json-lexer.c > @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, > char ch, bool flush, > { > uint8_t next; > > - assert(lexer->state <= ARRAY_SIZE(json_lexer)); > + assert(lexer->state < ARRAY_SIZE(json_lexer)); > next = json_lexer[lexer->state][(uint8_t)ch]; > *char_consumed = !flush && !(next & LOOKAHEAD); > return next & ~LOOKAHEAD; > -- > 1.8.3.1 > > >
Liam Merwick <liam.merwick@oracle.com> writes: > The assert checking if the value of lexer->state in next_state(), > which is used as an index to the 'json_lexer' array, incorrectly > checks for an index value less than or equal to ARRAY_SIZE(json_lexer). > Fix assert so that it just checks for an index less than the array size. > > Signed-off-by: Liam Merwick <liam.merwick@oracle.com> > --- > qobject/json-lexer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c > index a7df2093aa30..632320d72d5d 100644 > --- a/qobject/json-lexer.c > +++ b/qobject/json-lexer.c > @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, char ch, bool flush, > { > uint8_t next; > > - assert(lexer->state <= ARRAY_SIZE(json_lexer)); > + assert(lexer->state < ARRAY_SIZE(json_lexer)); > next = json_lexer[lexer->state][(uint8_t)ch]; > *char_consumed = !flush && !(next & LOOKAHEAD); > return next & ~LOOKAHEAD; Classic off-by-one. Reviewed-by: Markus Armbruster <armbru@redhat.com> and queued, thanks!
On Thu, Mar 21, 2019 at 11:57:52AM +0000, Liam Merwick wrote: > The assert checking if the value of lexer->state in next_state(), > which is used as an index to the 'json_lexer' array, incorrectly > checks for an index value less than or equal to ARRAY_SIZE(json_lexer). > Fix assert so that it just checks for an index less than the array size. > > Signed-off-by: Liam Merwick <liam.merwick@oracle.com> > --- > qobject/json-lexer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Thanks, Stefano
diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c index a7df2093aa30..632320d72d5d 100644 --- a/qobject/json-lexer.c +++ b/qobject/json-lexer.c @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, char ch, bool flush, { uint8_t next; - assert(lexer->state <= ARRAY_SIZE(json_lexer)); + assert(lexer->state < ARRAY_SIZE(json_lexer)); next = json_lexer[lexer->state][(uint8_t)ch]; *char_consumed = !flush && !(next & LOOKAHEAD); return next & ~LOOKAHEAD;
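Review bot: the commit message does not say whether lexer->state can ever equal ARRAY_SIZE(json_lexer) at the corrected assert in next_state(), and that decides how the fix should be classified. With the old `<=` comparison that value passed the assert, and the following `json_lexer[lexer->state][(uint8_t)ch]` lookup would then read one row past the end of the table. If any lexer transition can produce that state, this is an out-of-bounds read and the message should say so and carry a Fixes: tag for the commit that introduced the check; if none can, state that the change only tightens a sanity check. The assert is also the only bounds check on this index visible in the hunk, so it gives no protection in a build that compiles assertions out.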
The assert checking if the value of lexer->state in next_state(), which is used as an index to the 'json_lexer' array, incorrectly checks for an index value less than or equal to ARRAY_SIZE(json_lexer). Fix assert so that it just checks for an index less than the array size. Signed-off-by: Liam Merwick <liam.merwick@oracle.com> --- qobject/json-lexer.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)