Liam Merwick <liam.merw...@oracle.com> writes:
> The assert checking if the value of lexer->state in next_state(),
> which is used as an index to the 'json_lexer' array, incorrectly
> checks for an index value less than or equal to ARRAY_SIZE(json_lexer).
> Fix assert so that it just checks for an index less than the array size.
>
> Signed-off-by: Liam Merwick <liam.merw...@oracle.com>
> ---
> qobject/json-lexer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
> index a7df2093aa30..632320d72d5d 100644
> --- a/qobject/json-lexer.c
> +++ b/qobject/json-lexer.c
> @@ -266,7 +266,7 @@ static inline uint8_t next_state(JSONLexer *lexer, char
> ch, bool flush,
> {
> uint8_t next;
>
> - assert(lexer->state <= ARRAY_SIZE(json_lexer));
> + assert(lexer->state < ARRAY_SIZE(json_lexer));
> next = json_lexer[lexer->state][(uint8_t)ch];
> *char_consumed = !flush && !(next & LOOKAHEAD);
> return next & ~LOOKAHEAD;
Classic off-by-one.
Reviewed-by: Markus Armbruster <arm...@redhat.com>
and queued, thanks!
