Bug 1028486

Summary: json-c: array hardening
Product: Red Hat Enterprise Linux 7 Reporter: Florian Weimer <fweimer>
Component: json-cAssignee: Remi Collet <rcollet>
Status: CLOSED WONTFIX QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.0CC: jorton
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-12-17 10:36:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1028485    

Description Florian Weimer 2013-11-08 15:00:25 UTC 
The array_list_get_idx() function should check for negative indexes, too.

array_list_expand_internal() should check for negative max values and integer overflows.

This is purely hardening, there is no known security impact.
Comment 3 Florian Weimer 2015-09-21 09:03:10 UTC 
This was reported upstream: https://github.com/json-c/json-c/issues/187