The assert checking if the value of lexer->state in next_state(),
which is used as an index to the 'json_lexer' array, incorrectly
checks for an index value less than or equal to ARRAY_SIZE(json_lexer).
Fix assert so that it just checks for an index less than the array size.
Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
---
qobject/json-lexer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
index a7df2093aa30..632320d72d5d 100644
--- a/qobject/json-lexer.c
+++ b/qobject/json-lexer.c
@@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, char ch, bool flush,
{
uint8_t next;
- assert(lexer->state <= ARRAY_SIZE(json_lexer));
+ assert(lexer->state < ARRAY_SIZE(json_lexer));
next = json_lexer[lexer->state][(uint8_t)ch];
*char_consumed = !flush && !(next & LOOKAHEAD);
return next & ~LOOKAHEAD;
--
1.8.3.1
Liam Merwick <liam.merwick@oracle.com> 于2019年3月21日周四 下午8:04写道:
> The assert checking if the value of lexer->state in next_state(),
> which is used as an index to the 'json_lexer' array, incorrectly
> checks for an index value less than or equal to ARRAY_SIZE(json_lexer).
> Fix assert so that it just checks for an index less than the array size.
>
> Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
> ---
> qobject/json-lexer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
> index a7df2093aa30..632320d72d5d 100644
> --- a/qobject/json-lexer.c
> +++ b/qobject/json-lexer.c
> @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer,
> char ch, bool flush,
> {
> uint8_t next;
>
> - assert(lexer->state <= ARRAY_SIZE(json_lexer));
> + assert(lexer->state < ARRAY_SIZE(json_lexer));
> next = json_lexer[lexer->state][(uint8_t)ch];
> *char_consumed = !flush && !(next & LOOKAHEAD);
> return next & ~LOOKAHEAD;
> --
> 1.8.3.1
>
>
>
Liam Merwick <liam.merwick@oracle.com> writes:
> The assert checking if the value of lexer->state in next_state(),
> which is used as an index to the 'json_lexer' array, incorrectly
> checks for an index value less than or equal to ARRAY_SIZE(json_lexer).
> Fix assert so that it just checks for an index less than the array size.
>
> Signed-off-by: Liam Merwick <liam.merwick@oracle.com>
> ---
> qobject/json-lexer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
> index a7df2093aa30..632320d72d5d 100644
> --- a/qobject/json-lexer.c
> +++ b/qobject/json-lexer.c
> @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, char ch, bool flush,
> {
> uint8_t next;
>
> - assert(lexer->state <= ARRAY_SIZE(json_lexer));
> + assert(lexer->state < ARRAY_SIZE(json_lexer));
> next = json_lexer[lexer->state][(uint8_t)ch];
> *char_consumed = !flush && !(next & LOOKAHEAD);
> return next & ~LOOKAHEAD;
Classic off-by-one.
Reviewed-by: Markus Armbruster <armbru@redhat.com>
and queued, thanks!
On Thu, Mar 21, 2019 at 11:57:52AM +0000, Liam Merwick wrote: > The assert checking if the value of lexer->state in next_state(), > which is used as an index to the 'json_lexer' array, incorrectly > checks for an index value less than or equal to ARRAY_SIZE(json_lexer). > Fix assert so that it just checks for an index less than the array size. > > Signed-off-by: Liam Merwick <liam.merwick@oracle.com> > --- > qobject/json-lexer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Thanks, Stefano
© 2016 - 2026 Red Hat, Inc.