search

brianmario / yajl-ruby

A streaming JSON parsing and encoding library for Ruby (C bindings to yajl)
http://rdoc.info/projects/brianmario/yajl-ruby
MIT License
1.48k stars 169 forks source link

Fix off-by-one in yajl_ext.c #197

Closed disconnect3d closed 3 years ago

disconnect3d commented 3 years ago

The "false" string has a length of 5 but we currently compare only 4 bytes.

This was found with a "cstrnfinder" research and I haven't tested this change (more info https://twitter.com/disconnect3d_pl/status/1339757359896408065). Close this PR if this change is incorrect.

brianmario commented 3 years ago

Build failures can be ignored here.

Thanks!