From 08cdb3676d68a35dc58dc3348edcb109c72f1fae Mon Sep 17 00:00:00 2001 From: Gunnar Beutner Date: Sun, 20 Apr 2014 18:30:24 +0200 Subject: [PATCH] Fix buffer overflow in print_number(). Refs #4865 --- third-party/cJSON/cJSON.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/third-party/cJSON/cJSON.c b/third-party/cJSON/cJSON.c index 75a1527a6..5ebfcc38a 100644 --- a/third-party/cJSON/cJSON.c +++ b/third-party/cJSON/cJSON.c @@ -127,7 +127,7 @@ static char *print_number(cJSON *item) } else { - str=(char*)cJSON_malloc(64); /* This is a nice tradeoff. */ + str=(char*)cJSON_malloc(64 + (int)log10(d)); /* This is a nice tradeoff. */ if (str) { if (d != d) strcpy(str, "0");