Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> Hi Florian,
>
> On Thu, Mar 27, 2025 at 04:17:11PM +0100, Florian Westphal wrote:
> > The bogon will trigger the assertion in mpz_import_data:
> > src/expression.c:418: constant_expr_alloc: Assertion `(((len) + (8) - 1) / (8)) > 0' failed.
>
> I took a quick look searching for {s:s} in src/parser_json.c
>
> The common idiom is json_parse_err() then a helper parser function to
> validate the string.
>
> It seems it is missing in this case. Maybe tighten json parser instead?
>
> Caller invoking constant_expr_alloc() with data != NULL but no len
> looks broken to me.

	return constant_expr_alloc(int_loc, &string_type, BYTEORDER_HOST_ENDIAN,
				   strlen(chain) * BITS_PER_BYTE, chain);

chain name is '""'.

There are other spots where we possibly call into constant_expr_alloc()
with a 0 argument.

I think it would be a lot more work and bloat to add all the checks on
the json side while it's a one-liner in constant_expr_alloc().

I could also add json_constant_expr_alloc() but it seems kinda silly to me.
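A simplified stand-in, added here as an illustration and not nftables' own code, for the two places the thread discusses putting the check: a parser-side validation of the chain name, and a length guard in the allocator so that data != NULL with len == 0 is rejected before the bits-to-bytes rounding in the quoted assertion. The names constant_alloc, chain_name_valid and chain_name_constant are hypothetical.

```c
/* Hypothetical simplified model of the call path in the thread; not nftables code. */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define BITS_PER_BYTE 8
/* Same rounding as the assertion quoted in the thread: bits -> whole bytes. */
#define BITS_TO_BYTES(bits) (((bits) + BITS_PER_BYTE - 1) / BITS_PER_BYTE)

struct constant {
	size_t len_bits;
	unsigned char *data;
};

/* Allocator-side guard (the "one-liner in constant_expr_alloc" option):
 * a caller passing data with a zero bit length is invalid input, so fail
 * cleanly instead of reaching the byte-length assertion. */
struct constant *constant_alloc(size_t len_bits, const void *data)
{
	if (data != NULL && len_bits == 0)
		return NULL;
	struct constant *c = calloc(1, sizeof(*c));
	if (!c)
		return NULL;
	c->len_bits = len_bits;
	if (data != NULL) {
		size_t nbytes = BITS_TO_BYTES(len_bits);
		c->data = malloc(nbytes);
		if (!c->data) { free(c); return NULL; }
		memcpy(c->data, data, nbytes);
	}
	return c;
}

void constant_free(struct constant *c)
{
	if (c) { free(c->data); free(c); }
}

/* Parser-side guard (the json_parse_err() + helper idiom Pablo mentions):
 * reject an empty chain name before it reaches the allocator at all. */
int chain_name_valid(const char *chain)
{
	return chain != NULL && chain[0] != '\0';
}

/* Mirrors the call from the thread: the name's length is passed in bits. */
struct constant *chain_name_constant(const char *chain)
{
	if (!chain_name_valid(chain))
		return NULL; /* the real parser would call json_parse_err() here */
	return constant_alloc(strlen(chain) * BITS_PER_BYTE, chain);
}
```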