From cf38b7d17157ba674199238da776d822b184c154 Mon Sep 17 00:00:00 2001
From: "Serge A. Zaitsev"
Date: Mon, 17 Nov 2014 16:21:36 +0200
Subject: [PATCH] added js string boundaries checks for string parser, fixes issue #31; added tests to cover it; fixed makefile to use custom cflags/ldflags
---
 Makefile | 6 +++---
 jsmn.c | 6 +++---
 jsmn_test.c | 10 ++++++++++
 3 files changed, 16 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index fe9e168..5e3e2a9 100644
--- a/Makefile
+++ b/Makefile
@@ -13,15 +13,15 @@ test: jsmn_test
 ./jsmn_test
 jsmn_test: jsmn_test.o
- $(CC) -L. -ljsmn $< -o $@
+ $(CC) $(LDFLAGS) -L. -ljsmn $< -o $@
 jsmn_test.o: jsmn_test.c libjsmn.a
 simple_example: example/simple.o libjsmn.a
- $(CC) $^ -o $@
+ $(CC) $(LDFLAGS) $^ -o $@
 jsondump: example/jsondump.o libjsmn.a
- $(CC) $^ -o $@
+ $(CC) $(LDFLAGS) $^ -o $@
 clean:
 rm -f jsmn.o jsmn_test.o example/simple.o
diff --git a/jsmn.c b/jsmn.c
index 83353bd..a0f4f69 100644
--- a/jsmn.c
+++ b/jsmn.c
@@ -113,8 +113,8 @@ static jsmnerr_t jsmn_parse_string(jsmn_parser *parser, const char *js,
 }
 /* Backslash: Quoted symbol expected */
- if (c == '\\') {
- int i = 0;
+ if (c == '\\' && parser->pos + 1 < len) {
+ int i;
 parser->pos++;
 switch (js[parser->pos]) {
 /* Allowed escaped symbols */
@@ -124,7 +124,7 @@ static jsmnerr_t jsmn_parse_string(jsmn_parser *parser, const char *js,
 /* Allows escaped symbol \uXXXX */
 case 'u':
 parser->pos++;
- for(; i < 4 && js[parser->pos] != '\0'; i++) {
+ for(i = 0; i < 4 && parser->pos < len && js[parser->pos] != '\0'; i++) {
 /* If it isn't a hex character we have an error */
 if(!((js[parser->pos] >= 48 && js[parser->pos] <= 57) || /* 0-9 */
 (js[parser->pos] >= 65 && js[parser->pos] <= 70) || /* A-F */
diff --git a/jsmn_test.c b/jsmn_test.c
index 36d04e3..3968859 100644
--- a/jsmn_test.c
+++ b/jsmn_test.c
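Review bot: In the Makefile hunk the jsmn_test link line still names `-ljsmn` before the object file `$<`, and a linker that resolves static archives in command-line order can discard libjsmn.a before the references from jsmn_test.o are seen. If the test object takes its parser symbols from the archive, `$(CC) $(LDFLAGS) -L. $< -ljsmn -o $@` is the safer order. The subject line also mentions custom cflags, while the three changed lines only add `$(LDFLAGS)`.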
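Review bot: The new `parser->pos + 1 < len` guard in the first jsmn.c hunk makes a backslash in the final byte of the buffer fall through as an ordinary character, and nothing at that line says this is intentional. The tests added in this commit expect JSMN_ERROR_PART for that input, so the behaviour looks deliberate; a comment above the `if` such as `/* A backslash in the last byte is not an escape yet; the string is reported as partial */` would stop a later edit from moving the length test back inside the branch, where `js[parser->pos]` would again be read past `len`. In the second jsmn.c hunk the `\u` loop can now stop with fewer than four digits once `parser->pos` reaches `len`; the code after the loop is outside the hunk, so it is worth confirming that a short escape ends in JSMN_ERROR_PART and is not accepted as complete. Both hunks show only part of jsmn_parse_string.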
@@ -206,6 +206,16 @@ int test_partial_string() {
 check(TOKEN_STRING(js, tok[0], "x"));
 check(p.toknext == 1);
+ jsmn_init(&p);
+ char js_slash[9] = "\"x\": \"va\\";
+ r = jsmn_parse(&p, js_slash, sizeof(js_slash), tok, 10);
+ check(r == JSMN_ERROR_PART);
+
+ jsmn_init(&p);
+ char js_unicode[10] = "\"x\": \"va\\u";
+ r = jsmn_parse(&p, js_unicode, sizeof(js_unicode), tok, 10);
+ check(r == JSMN_ERROR_PART);
+
 js = "\"x\": \"valu";
 r = jsmn_parse(&p, js, strlen(js), tok, 10);
 check(r == JSMN_ERROR_PART && tok[0].type == JSMN_STRING);
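Review bot: The two new cases are inserted in the middle of the incremental-parse sequence of test_partial_string, so the existing `valu` step that follows no longer resumes from the `va` parse but from whatever state the `js_unicode` parse left in `p`. It presumably still passes because both inputs share the same prefix, but that coupling is accidental; moving the new cases after the sequence, or into a test function of their own, keeps the two concerns apart. The arrays are sized to leave no terminating NUL, which is what makes `len` the only stop condition, and a comment such as `/* no NUL terminator: the parser must stop at len */` would keep someone from resizing them. A buffer that ends after one to three hex digits following `\u` is not covered, and that is the input that exercises the new `parser->pos < len` test on later iterations of the loop. The function starts and ends outside the hunk.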