diff options
-rw-r--r-- | src/plist.c | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/src/plist.c b/src/plist.c index 2f4990c..e8f6974 100644 --- a/src/plist.c +++ b/src/plist.c @@ -222,6 +222,9 @@ plist_err_t plist_from_memory(const char *plist_data, uint32_t length, plist_t * int is_xml = 0; /* skip whitespace */ SKIP_WS(plist_data, pos, length); + if (pos >= length) { + return PLIST_ERR_PARSE; + } if (plist_data[pos] == '<' && (length-pos > 3) && !isxdigit(plist_data[pos+1]) && !isxdigit(plist_data[pos+2]) && !isxdigit(plist_data[pos+3])) { is_xml = 1; } else if (plist_data[pos] == '[') { @@ -233,19 +236,28 @@ plist_err_t plist_from_memory(const char *plist_data, uint32_t length, plist_t * /* this could be json or openstep */ pos++; SKIP_WS(plist_data, pos, length); + if (pos >= length) { + return PLIST_ERR_PARSE; + } if (plist_data[pos] == '"') { /* still could be both */ pos++; - do { + while (pos < length) { FIND_NEXT(plist_data, pos, length, '"'); if (plist_data[pos-1] != '\\') { break; } pos++; - } while (pos < length); + } + if (pos >= length) { + return PLIST_ERR_PARSE; + } if (plist_data[pos] == '"') { pos++; SKIP_WS(plist_data, pos, length); + if (pos >= length) { + return PLIST_ERR_PARSE; + } if (plist_data[pos] == ':') { /* this is definitely json */ is_json = 1; |