Skip to content

Commit 5ca7b5e

Browse files
michaelrsweetmichaelrsweet
committed
Calculate actual size of number values when exporting, and fix argument to _cupsStrFormatd.
1 parent 616dc2a commit 5ca7b5e

2 files changed

Lines changed: 20 additions & 5 deletions

File tree

CHANGES.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -8,6 +8,7 @@ v3.0.2 - YYYY-MM-DD
88
generated test page content from 1 to 9600dpi.
99
- Fixed a recursion issue with encoding of nested collections.
1010
- Fixed a potential margin issue when generating A4 PCL from `ipptransform`.
11+
- Fixed exporting of JSON with very large numbers.
1112

1213

1314
v3.0.1 - 2026-04-09

cups/json.c

Lines changed: 19 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
//
22
// JSON API implementation for CUPS.
33
//
4-
// Copyright © 2022-2025 by OpenPrinting.
4+
// Copyright © 2022-2026 by OpenPrinting.
55
//
66
// Licensed under Apache License v2.0. See the file "LICENSE" for more
77
// information.
@@ -226,7 +226,9 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
226226
cups_json_t *current; // Current node
227227
size_t length; // Length of JSON data as a string
228228
char *s, // JSON string
229-
*ptr; // Pointer into string
229+
*ptr, // Pointer into string
230+
*end, // End of string
231+
temp[1024]; // Temporary string
230232
const char *value; // Pointer into string value
231233
struct lconv *loc; // Locale data
232234

@@ -244,6 +246,7 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
244246
// Figure out the necessary space needed in the string
245247
current = json;
246248
length = 1; // nul
249+
loc = localeconv();
247250

248251
while (current)
249252
{
@@ -267,7 +270,8 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
267270
break;
268271

269272
case CUPS_JTYPE_NUMBER :
270-
length += 32;
273+
_cupsStrFormatd(temp, temp + sizeof(temp) - 1, current->value.number, loc);
274+
length += strlen(temp);
271275
break;
272276

273277
case CUPS_JTYPE_KEY :
@@ -327,7 +331,7 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
327331

328332
current = json;
329333
ptr = s;
330-
loc = localeconv();
334+
end = s + length - 1;
331335

332336
while (current)
333337
{
@@ -362,11 +366,14 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
362366
break;
363367

364368
case CUPS_JTYPE_OBJECT :
369+
if (ptr >= end)
370+
goto overflow;
371+
365372
*ptr++ = '{';
366373
break;
367374

368375
case CUPS_JTYPE_NUMBER :
369-
_cupsStrFormatd(ptr, s + length, current->value.number, loc);
376+
_cupsStrFormatd(ptr, end, current->value.number, loc);
370377
ptr += strlen(ptr);
371378
break;
372379

@@ -471,6 +478,13 @@ cupsJSONExportString(cups_json_t *json) // I - JSON root node
471478
DEBUG_printf("3cupsJSONExportString: Returning \"%s\".", s);
472479

473480
return (s);
481+
482+
// If we get here we overflowed our string buffer for some reason...
483+
overflow:
484+
485+
free(s);
486+
487+
return (NULL);
474488
}
475489

476490

0 commit comments

Comments
 (0)