From: Kurt Schwehr Date: Tue, 8 Aug 2017 14:54:38 +0000 (-0700) Subject: Clamp double to int32 when narrowing in json_object_get_int. X-Git-Tag: json-c-0.13-20171207~63^2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F346%2Fhead;p=thirdparty%2Fjson-c.git Clamp double to int32 when narrowing in json_object_get_int. Avoids undefined behavior. Found by autofuzz.
---
diff --git a/json_object.c b/json_object.c
index 8c80426f..7148731b 100644
--- a/json_object.c
+++ b/json_object.c
@@ -635,6 +635,10 @@ int32_t json_object_get_int(const struct json_object *jso)
 return INT32_MAX;
 return (int32_t) cint64;
 case json_type_double:
+ if (jso->o.c_double <= INT32_MIN)
+ return INT32_MIN;
+ if (jso->o.c_double >= INT32_MAX)
+ return INT32_MAX;
 return (int32_t)jso->o.c_double;
 case json_type_boolean:
 return jso->o.c_boolean;
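Review bot: A NaN in `jso->o.c_double` still reaches the cast on the `return (int32_t)jso->o.c_double;` line, because both added comparisons evaluate to false for NaN, and converting NaN to an integer type is undefined just like the out-of-range case this commit closes. If the parser or `json_object_new_double` callers can store NaN in this field (not visible in this hunk), add a guard ahead of the two clamps, for example `if (isnan(jso->o.c_double)) return 0;` with `<math.h>` included, and document the chosen return value in the function comment. Infinities are already covered by the `<=` / `>=` checks. The body of json_object_get_int starts and ends outside the hunk, so whether an earlier check already filters NaN cannot be confirmed from here.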