From ab3764ed0a376633037599773010feeba64ec1a3 Mon Sep 17 00:00:00 2001
From: Petri Lehtinen <petri@digip.org>
Date: Fri, 11 Sep 2009 22:22:34 +0300
Subject: [PATCH 1/3] test/json-compare.py: Use json module from Python >=2.6
 or simplejson

Backported from master, commit 9d16ec755c9754fe1f79fe55ab719a7f8578ce37
---
 test/json-compare.py | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/test/json-compare.py b/test/json-compare.py
index 1db93da..f91530e 100755
--- a/test/json-compare.py
+++ b/test/json-compare.py
@@ -5,8 +5,11 @@
 # Jansson is free software; you can redistribute it and/or modify
 # it under the terms of the MIT license. See LICENSE for details.
 
-import simplejson
 import sys
+try:
+    import json
+except ImportError:
+    import simplejson as json
 
 def load(filename):
     try:
@@ -17,14 +20,14 @@ def load(filename):
         sys.exit(1)
 
     try:
-        json = simplejson.load(jsonfile)
+        jsondata = json.load(jsonfile)
     except ValueError, err:
         print "%s is malformed: %s" % (filename, err)
         sys.exit(1)
     finally:
         jsonfile.close()
 
-    return json
+    return jsondata
 
 def main():
     if len(sys.argv) != 3:

From 6d8c287032f9b87f1d787d41ecf9c37cdf29892c Mon Sep 17 00:00:00 2001
From: Petri Lehtinen <petri@digip.org>
Date: Sun, 13 Sep 2009 13:15:34 +0300
Subject: [PATCH 2/3] load: Check for integer and real overlfows and underflows

Backported from master, commit 5406c2b3d347505149d382213b6f318f8c35de6a:
  * deleted test/testdata/invalid-stripped because the stripped tests
    don't exist in 1.0
---
 src/load.c            | 49 +++++++++++++++++++++++++++++++++++--------
 test/testdata/invalid | 25 ++++++++++++++++++++++
 2 files changed, 65 insertions(+), 9 deletions(-)

diff --git a/src/load.c b/src/load.c
index fc3679d..5175f35 100644
--- a/src/load.c
+++ b/src/load.c
@@ -8,6 +8,7 @@
 #define _GNU_SOURCE
 #include <ctype.h>
 #include <errno.h>
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -399,10 +400,11 @@ out:
     free(lex->value.string);
 }
 
-static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
+static int lex_scan_number(lex_t *lex, char c, json_error_t *error)
 {
     const char *saved_text;
     char *end;
+    double value;
 
     lex->token = TOKEN_INVALID;
 
@@ -423,14 +425,26 @@ static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
     }
 
     if(c != '.' && c != 'E' && c != 'e') {
+        long value;
+
         lex_unget_unsave(lex, c);
-        lex->token = TOKEN_INTEGER;
 
         saved_text = strbuffer_value(&lex->saved_text);
-        lex->value.integer = strtol(saved_text, &end, 10);
+        value = strtol(saved_text, &end, 10);
         assert(end == saved_text + lex->saved_text.length);
 
-        return;
+        if((value == LONG_MAX && errno == ERANGE) || value > INT_MAX) {
+            error_set(error, lex, "too big integer");
+            goto out;
+        }
+        else if((value == LONG_MIN && errno == ERANGE) || value < INT_MIN) {
+            error_set(error, lex, "too big negative integer");
+            goto out;
+        }
+
+        lex->token = TOKEN_INTEGER;
+        lex->value.integer = (int)value;
+        return 0;
     }
 
     if(c == '.') {
@@ -460,14 +474,29 @@ static void lex_scan_number(lex_t *lex, char c, json_error_t *error)
     }
 
     lex_unget_unsave(lex, c);
-    lex->token = TOKEN_REAL;
 
     saved_text = strbuffer_value(&lex->saved_text);
-    lex->value.real = strtod(saved_text, &end);
+    value = strtod(saved_text, &end);
     assert(end == saved_text + lex->saved_text.length);
 
+    if(value == 0 && errno == ERANGE) {
+        error_set(error, lex, "real number underflow");
+        goto out;
+    }
+
+    /* Cannot test for +/-HUGE_VAL because the HUGE_VAL constant is
+       only defined in C99 mode. So let's trust in sole errno. */
+    else if(errno == ERANGE) {
+        error_set(error, lex, "real number overflow");
+        goto out;
+    }
+
+    lex->token = TOKEN_REAL;
+    lex->value.real = value;
+    return 0;
+
 out:
-    return;
+    return -1;
 }
 
 static int lex_scan(lex_t *lex, json_error_t *error)
@@ -506,8 +535,10 @@ static int lex_scan(lex_t *lex, json_error_t *error)
     else if(c == '"')
         lex_scan_string(lex, error);
 
-    else if(isdigit(c) || c == '-')
-        lex_scan_number(lex, c, error);
+    else if(isdigit(c) || c == '-') {
+        if(lex_scan_number(lex, c, error))
+            goto out;
+    }
 
     else if(isupper(c) || islower(c)) {
         /* eat up the whole identifier for clearer error messages */
diff --git a/test/testdata/invalid b/test/testdata/invalid
index 2887692..1a70422 100644
--- a/test/testdata/invalid
+++ b/test/testdata/invalid
@@ -127,6 +127,21 @@ invalid token near '1e'
 ====
 1
 invalid token near '1e'
+==== real-positive-overflow ====
+[123123e100000]
+====
+1
+real number overflow near '123123e100000'
+==== real-negative-overflow ====
+[-123123e100000]
+====
+1
+real number overflow near '-123123e100000'
+==== real-underflow ====
+[123e-10000000]
+====
+1
+real number underflow near '123e-10000000'
 ==== integer-starting-with-zero ====
 [012]
 ====
@@ -137,6 +152,16 @@ invalid token near '0'
 ====
 1
 invalid token near '-0'
+==== too-big-positive-integer ====
+[123123123123123]
+====
+1
+too big integer near '123123123123123'
+==== too-big-negative-integer ====
+[-123123123123123]
+====
+1
+too big negative integer near '-123123123123123'
 ==== invalid-identifier ====
 [troo
 ====

From b7bf96996f4db14c75499ddb529d5017893ad294 Mon Sep 17 00:00:00 2001
From: Petri Lehtinen <petri@digip.org>
Date: Mon, 14 Sep 2009 14:32:41 +0300
Subject: [PATCH 3/3] jansson 1.0.3

---
 CHANGES         | 10 ++++++++++
 configure.ac    |  2 +-
 doc/conf.py     |  2 +-
 src/Makefile.am |  2 +-
 4 files changed, 13 insertions(+), 3 deletions(-)

diff --git a/CHANGES b/CHANGES
index 6211d86..b755ca0 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,11 +1,21 @@
+Version 1.0.3, released 2009-09-14
+
+* Check for integer and real overflows and underflows in decoder
+* Use the Python json module for tests, or simplejson if the json
+  module is not found
+* Distribute changelog (this file)
+
+
 Version 1.0.2, released 2009-09-08
 
 * Handle EOF correctly in decoder
 
+
 Version 1.0.1, released 2009-09-04
 
 * Fixed broken json_is_boolean()
 
+
 Version 1.0, released 2009-08-25
 
 * Initial release
diff --git a/configure.ac b/configure.ac
index 4a8c8e5..78d4c74 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,5 +1,5 @@
 AC_PREREQ([2.63])
-AC_INIT([jansson], [1.0.2], [petri@digip.org])
+AC_INIT([jansson], [1.0.3], [petri@digip.org])
 
 AM_INIT_AUTOMAKE([1.10 foreign])
 
diff --git a/doc/conf.py b/doc/conf.py
index 0b0b6a9..4d6bb7f 100644
--- a/doc/conf.py
+++ b/doc/conf.py
@@ -52,7 +52,7 @@ copyright = u'2009, Petri Lehtinen'
 # The short X.Y version.
 version = '1.0'
 # The full version, including alpha/beta/rc tags.
-release = '1.0.2'
+release = '1.0.3'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
diff --git a/src/Makefile.am b/src/Makefile.am
index 528e50a..04dfae0 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -13,6 +13,6 @@ libjansson_la_SOURCES = \
 	utf.h \
 	util.h \
 	value.c
-libjansson_la_LDFLAGS = -version-info 0:2:0
+libjansson_la_LDFLAGS = -version-info 0:3:0
 
 AM_CFLAGS = -Wall -Wextra -Werror -std=c99