Closed stevenjohnstone closed 6 years ago
Hi thanks again for raising issue. Will be fixed today and run more tests with go-fuzz.
I opened a pull request: https://github.com/francoispqt/gojay/pull/33 Crashers for floats have been fixed. Have found new potential ones for ints which I have fixed. Will run more tests before merging. Don't want to release a patch before making sure I've ran enough tests. Thanks!
Pull request is merged. Closing the issue. Let me know if you find any other, thank you!
Did some fuzzing on ca0442d6e33334128a2ee68f24c6c962de72ead3 with:
Found cases like
caused panics in float parsing
Looks like the check https://github.com/francoispqt/gojay/blob/master/decode_number_float.go#L261 needs to use the magnitude of exp to handle the negative case?
Also, the following input
gave