FSMaxB
commented
8 years ago I now do understand the code and it was quite easy to fix. Just check that all 4 characters following the \u are actually hexadecimal digits.
Closed FSMaxB closed 8 years ago
FSMaxB
commented
8 years ago I now do understand the code and it was quite easy to fix. Just check that all 4 characters following the \u are actually hexadecimal digits.
Most of the crashes found by AFL are because Unicode handling is broken.
\ufollowed by something that is not a number will in most cases crash the library.Unfortunately, this part of the code is one of those parts that I don't really understand how it works, so I didn't rewrite it when I did the fork.
Nevertheless, this definitely needs to be tackled. There's a patch in cJSON that fixes it, I may be able to port it over: https://github.com/DaveGamble/cJSON/commit/ee579ecbd69447c6f43ecb22f9f3d3102580138b