bej_decoder_json: Add a limit on # of 0s in "real" We have count the number of 0s in real numbers to add to the output string. To prevent OOM from many 0s, add a limit. Tested: Add unit test Change-Id: I5e298554cf9d93b3f7ab86cac5b0b0a6f443716b Signed-off-by: Brandon Kim <brandonkim@google.com>

commit: 9eb0117f0f5e5ed8ffe82d51f70d7af3b9baf6a0 [log] [tgz]
author: Brandon Kim <brandonkim@google.com> Mon Jun 23 21:26:59 2025 +0000
committer: Brandon Kim <brandonkim@google.com> Mon Jun 23 21:34:48 2025 +0000
tree: d3eb56fb6c8a993b6f72bfde7e49851476438f5b
parent: ef01d4c5f9f04401f9ab668a91e1330e2eb29d89 [diff]
diff --git a/src/bej_decoder_json.cpp b/src/bej_decoder_json.cpp
index 5f8ddac..9fceeba 100644
--- a/src/bej_decoder_json.cpp
+++ b/src/bej_decoder_json.cpp

@@ -202,6 +202,12 @@
     struct BejJsonParam* params =
         reinterpret_cast<struct BejJsonParam*>(dataPtr);
 
+    // Sanity check for zeroCount
+    if (value->zeroCount > 100)
+    {
+        return bejErrorInvalidSize;
+    }
+
     addPropertyNameToOutput(params, propertyName);
     params->output->append(std::to_string(value->whole));
     params->output->push_back('.');
commit	9eb0117f0f5e5ed8ffe82d51f70d7af3b9baf6a0	[log] [tgz]
author	Brandon Kim <brandonkim@google.com>	Mon Jun 23 21:26:59 2025 +0000
committer	Brandon Kim <brandonkim@google.com>	Mon Jun 23 21:34:48 2025 +0000
tree	d3eb56fb6c8a993b6f72bfde7e49851476438f5b
parent	ef01d4c5f9f04401f9ab668a91e1330e2eb29d89 [diff]