power2gt incorrect for non 32bit integers about cjson HOT 9 CLOSED

It should work like this.

from cjson.

Do you mean the case where sizeof(int)!=4 ?
In the 16bit case, the buffered output length will be limited to 32k; unprebuffered output ought to work fine, but that's a bigger issue, and concerns the usage of int throughout the code, and isn't limited to just pow2gt. So far, no reports of issues with this from embedded users.

In the case of sizeof(int)>4, it means we have a maximal output size of ~2GB which needn't apply. However, I'm not totally convinced this is a major issue for a quick lightweight json library.

I'd like to close this issue and reopen it on first report of it causing a real-world issue.

from cjson.

Is it still guaranteed for 64 bit integers bigger than 2^32 that the output of pow2gt is at least as big as it's input (I can't do the bit fiddling in my head right now)?

If not, there is a heap buffer overflow in the memcpy in ensure.

from cjson.

And for systems with 16 bit integers this causes undefined behavior (right shifting by 16).

from cjson.

Is it still guaranteed for 64 bit integers bigger than 2^32 that the output of pow2gt is at least as big as it's input (I can't do the bit fiddling in my head right now)?

• Yes.

And for systems with 16 bit integers this causes undefined behavior (right shifting by 16).

• Compiler will emit a warning, which should abort compile.

from cjson.

What about something like this:

x |= x >> 1;
x |= x >> 2;
x |= x >> 4;
x |= x >> 8;
#if INT_MAX > 65536UL
x |= x >> 16;
#endif
#if INT_MAX > 4294967296UL
x |= x >> 32;
#endif

from cjson.

I need to check whether INT_MAX gets defined as 32767 rather than 65536, but in principle, something like that, yes... but moreover I'll have a trace through the code for anywhere else that might fail.

Um.. at the risk of asking an off-topic question, could I ask why it is that you're prepared to invest so much time in maintaining cJSON? In practical terms, it's inferior in every metric to RapidJSON...?

from cjson.

RapidJSON didn't exist yet when I started using cJSON and RapidJSON is written in C++, not C.

from cjson.

Awesome :D Good work! :D 👍

from cjson.