X-Git-Url: http://www.project-moonshot.org/gitweb/?p=jansson.git;a=blobdiff_plain;f=src%2Fload.c;h=5175f3589d5ce9b937ba2c65a3f2026d956a4e25;hp=fc3679d1a14ca6b16d29790b4356f82b20604f8b;hb=6d8c287032f9b87f1d787d41ecf9c37cdf29892c;hpb=ab3764ed0a376633037599773010feeba64ec1a3

diff --git a/src/load.c b/src/load.c
index fc3679d..5175f35 100644
--- a/src/load.c
+++ b/src/load.c
@@ -8,6 +8,7 @@
 #define _GNU_SOURCE
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -399,10 +400,11 @@ out:
     free(lex->value.string);
 }
 
-static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
+static int lex_scan_number(lex_t *lex, char c, json_error_t *error)
 {
     const char *saved_text;
     char *end;
+    double value;
 
     lex->token = TOKEN_INVALID;
 
@@ -423,14 +425,26 @@ static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
     }
 
     if(c != '.' && c != 'E' && c != 'e') {
+        long value;
+
         lex_unget_unsave(lex, c);
-        lex->token = TOKEN_INTEGER;
 
         saved_text = strbuffer_value(&lex->saved_text);
-        lex->value.integer = strtol(saved_text, &end, 10);
+        value = strtol(saved_text, &end, 10);
         assert(end == saved_text + lex->saved_text.length);
 
-        return;
+        if((value == LONG_MAX && errno == ERANGE) || value > INT_MAX) {
+            error_set(error, lex, "too big integer");
+            goto out;
+        }
+        else if((value == LONG_MIN && errno == ERANGE) || value < INT_MIN) {
+            error_set(error, lex, "too big negative integer");
+            goto out;
+        }
+
+        lex->token = TOKEN_INTEGER;
+        lex->value.integer = (int)value;
+        return 0;
     }
 
     if(c == '.') {
@@ -460,14 +474,29 @@ static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
     }
 
     lex_unget_unsave(lex, c);
-    lex->token = TOKEN_REAL;
 
     saved_text = strbuffer_value(&lex->saved_text);
-    lex->value.real = strtod(saved_text, &end);
+    value = strtod(saved_text, &end);
     assert(end == saved_text + lex->saved_text.length);
 
+    if(value == 0 && errno == ERANGE) {
+        error_set(error, lex, "real number underflow");
+        goto out;
+    }
+
+    /* Cannot test for +/-HUGE_VAL because the HUGE_VAL constant is
+       only defined in C99 mode. So let's trust in sole errno. */
+    else if(errno == ERANGE) {
+        error_set(error, lex, "real number overflow");
+        goto out;
+    }
+
+    lex->token = TOKEN_REAL;
+    lex->value.real = value;
+    return 0;
+
 out:
-    return;
+    return -1;
 }
 
 static int lex_scan(lex_t *lex, json_error_t *error)
@@ -506,8 +535,10 @@ static int lex_scan(lex_t *lex, json_error_t *error)
     else if(c == '"')
         lex_scan_string(lex, error);
 
-    else if(isdigit(c) || c == '-')
-        lex_scan_number(lex, c, error);
+    else if(isdigit(c) || c == '-') {
+        if(lex_scan_number(lex, c, error))
+            goto out;
+    }
 
     else if(isupper(c) || islower(c)) {
         /* eat up the whole identifier for clearer error messages */