>From 6d58224bff821c49e91f5fe46c0e72f85e2583c6 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones
Date: Fri, 20 May 2011 18:55:12 +0100
Subject: [PATCH] json: Fix parsing of integers >= 0x8000000000000000

Because of use of strtoll without any error checking, these integers were truncated to [-0x8000000000000000, 0x7fffffffffffffff]. If you passed a high memory address to (eg.) memsave, it would get clipped. For example memsave with val = 0xffffffff81000000 would actually read from address 0x7fffffffffffffff. Replace strtoll with strtoull, and add error checking.
---
 json-parser.c | 11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)

diff --git a/json-parser.c b/json-parser.c
index 6c06ef9..3747ba5 100644
--- a/json-parser.c
+++ b/json-parser.c
@@ -512,6 +512,8 @@ static QObject *parse_literal(JSONParserContext *ctxt, QList **tokens)
 {
     QObject *token, *obj;
     QList *working = qlist_copy(*tokens);
+    const char *token_str;
+    unsigned long long ull;
 
     token = qlist_pop(working);
     switch (token_get_type(token)) {
@@ -519,7 +521,14 @@ static QObject *parse_literal(JSONParserContext *ctxt, QList **tokens)
         obj = QOBJECT(qstring_from_escaped_str(ctxt, token));
         break;
     case JSON_INTEGER:
-        obj = QOBJECT(qint_from_int(strtoll(token_get_value(token), NULL, 10)));
+        token_str = token_get_value(token);
+        errno = 0;
+        ull = strtoull(token_str, NULL, 10);
+        if (errno != 0) {
+            parse_error(ctxt, token, "invalid integer: %s", strerror(errno));
+            return NULL;
+        }
+        obj = QOBJECT(qint_from_int(ull));
         break;
     case JSON_FLOAT:
         /* FIXME dependent on locale */
-- 
1.7.5.1
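Review bot: The new `return NULL;` on the JSON_INTEGER error path leaves parse_literal without releasing `working`, the list copied by `qlist_copy(*tokens)` in the first hunk; if the function's existing failure exit (outside this hunk) releases that copy, the early return should jump to it instead, e.g. `goto out;` in place of `return NULL;`, otherwise a malformed integer token leaks the list. Passing `ull` to `qint_from_int`, which presumably takes an int64_t, relies on implementation-defined conversion for values above INT64_MAX (and on strtoull's unsigned wraparound for negative literals such as `-5`), so the intent deserves a comment: `/* values above INT64_MAX deliberately wrap into the int64_t payload so 64-bit addresses survive; negative tokens round-trip through strtoull's wraparound */`. Since `errno` and `strerror` are now used here, confirm `<errno.h>` and `<string.h>` are already included by json-parser.c — this patch does not add them. parse_literal's body continues outside both hunks.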