fix: BJData size calculation overflow #4765

Merged
nlohmann merged 1 commit into nlohmann:develop from thevilledev:fix/int-overflow-bjdata
Apr 29, 2025

@thevilledev
Contributor

Adds pre-multiplication overflow detection to catch cases where dimension products would exceed size_t max. The previous check only detected when overflow resulted in exactly 0 or SIZE_MAX, missing other cases.

Retains the original post-multiplication check for backward compatibility. Adds tests verifying overflow detection with dimensions (2^32+1)×(2^32), which previously overflowed silently to 2^32.

This prevents custom SAX handlers from receiving incorrect array sizes that could lead to buffer overflows.

  • The changes are described in detail, both the what and why.
  • If applicable, an existing issue is referenced.
  • The Code coverage remained at 100%. A test case for every new line of code.
  • If applicable, the documentation is updated.
  • The source code is amalgamated by running make amalgamate.
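
The difference between the two checks described above, as an added example that is not part of the pull request or the library's own code. The function names are hypothetical, and `std::uint64_t` stands in for a 64-bit `size_t`.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>
#include <vector>

// Assumption: size_t is modelled as a 64-bit unsigned integer.
constexpr std::uint64_t kMax = std::numeric_limits<std::uint64_t>::max();

// Post-multiplication check only: rejects a product of exactly 0 or kMax,
// so any other wrapped value is returned as if it were a valid size.
bool product_post_check(const std::vector<std::uint64_t>& dims, std::uint64_t& out) {
    std::uint64_t result = 1;
    for (std::uint64_t d : dims) {
        result *= d;  // unsigned arithmetic wraps modulo 2^64 without any error
        if (result == 0 || result == kMax) {
            return false;
        }
    }
    out = result;
    return true;
}

// Pre-multiplication check: refuse the multiply when result * d would exceed kMax.
// Dividing instead of multiplying keeps the test itself free of overflow.
bool product_pre_check(const std::vector<std::uint64_t>& dims, std::uint64_t& out) {
    std::uint64_t result = 1;
    for (std::uint64_t d : dims) {
        if (d != 0 && result > kMax / d) {
            return false;  // the true product does not fit in 64 bits
        }
        result *= d;
    }
    out = result;
    return true;
}

int main() {
    // Constructed input: the dimensions used in the PR's tests, (2^32+1) x (2^32).
    const std::vector<std::uint64_t> dims{(1ULL << 32) + 1, 1ULL << 32};
    std::uint64_t size = 0;
    if (product_post_check(dims, size)) {
        std::printf("post-check accepted wrapped size %llu\n",
                    static_cast<unsigned long long>(size));
    }
    std::printf("pre-check accepted: %s\n", product_pre_check(dims, size) ? "yes" : "no");
    return 0;
}
```

A consumer that allocates from the size accepted by the post-check gets room for 2^32 elements while the declared dimensions describe far more, which is the mismatch the description warns about for custom SAX handlers.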

@thevilledev thevilledev force-pushed the fix/int-overflow-bjdata branch from c28033b to 535e9dc Compare April 27, 2025 15:38
@nlohmann nlohmann added the please rebase Please rebase your branch to origin/develop label Apr 27, 2025
@nlohmann
Owner

Please rebase to the latest develop branch to fix the GCC-related errors.

@coveralls

coveralls commented Apr 27, 2025

Coverage Status

coverage: 99.188%. remained the same
when pulling 02a59cf on thevilledev:fix/int-overflow-bjdata
into 6b91993 on nlohmann:develop.

Adds pre-multiplication overflow detection to catch cases where dimension
products would exceed size_t max. The previous check only detected when
overflow resulted in exactly 0 or SIZE_MAX, missing other cases.

Retains the original post-multiplication check for backward compatibility.
Adds tests verifying overflow detection with dimensions (2^32+1)×(2^32),
which previously overflowed silently to 2^32.

This prevents custom SAX handlers from receiving incorrect array sizes
that could lead to buffer overflows.

Signed-off-by: Ville Vesilehto <ville@vesilehto.fi>
@thevilledev thevilledev force-pushed the fix/int-overflow-bjdata branch from 535e9dc to 02a59cf Compare April 27, 2025 18:02
@nlohmann nlohmann removed the please rebase Please rebase your branch to origin/develop label Apr 27, 2025
Owner

@nlohmann nlohmann left a comment

Looks good to me.

@nlohmann nlohmann added this to the Release 3.12.1 milestone Apr 29, 2025
@nlohmann nlohmann merged commit dff2b47 into nlohmann:develop Apr 29, 2025
140 checks passed
@nlohmann
Owner

Thanks!

@thevilledev thevilledev deleted the fix/int-overflow-bjdata branch April 30, 2025 11:39