From 7b14f920df8c01af8e361145fd42858acd5b309d Mon Sep 17 00:00:00 2001
From: Botond Baranyi <botond.baranyi@ericsson.com>
Date: Mon, 5 Dec 2016 16:19:26 +0100
Subject: [PATCH] Fixed memory allocation error in decoding universal
 charstring JSON default values (artf399982)

Change-Id: Ie23111c17763830f98d6e7b7c002f2e46d4c2c29
Signed-off-by: Botond Baranyi <botond.baranyi@ericsson.com>
---
 core/Charstring.cc                           | 2 +-
 core/Universal_charstring.cc                 | 6 +++---
 regression_test/json/AttributeTestcases.ttcn | 8 ++++----
 regression_test/json/Types.ttcn              | 2 +-
 4 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/core/Charstring.cc b/core/Charstring.cc
index 0387a6228..007759b54 100644
--- a/core/Charstring.cc
+++ b/core/Charstring.cc
@@ -1626,7 +1626,7 @@ boolean CHARSTRING::from_JSON_string(const char* p_value, size_t p_value_len, bo
     }
   }
   
-  // The charstring will be shorter than the JSON string, at least by the 2 quotes
+  // The resulting string (its length is less than or equal to end - start)
   char* str = (char*)Malloc(end - start);
   size_t len = 0;
   boolean error = FALSE;
diff --git a/core/Universal_charstring.cc b/core/Universal_charstring.cc
index f5ef2f276..d007fee2a 100644
--- a/core/Universal_charstring.cc
+++ b/core/Universal_charstring.cc
@@ -2421,9 +2421,9 @@ boolean UNIVERSAL_CHARSTRING::from_JSON_string(boolean check_quotes)
     }
   }
   
-  // The resulting string will be shorter than the JSON string, at least by the 2 quotes
-  universal_char* ustr = (universal_char*)Malloc((json_len - 2) * sizeof(universal_char));
-  memset(ustr, 0, sizeof(universal_char) * (json_len - 2));
+  // The resulting string (its length is less than or equal to end - start)
+  universal_char* ustr = (universal_char*)Malloc((end - start) * sizeof(universal_char));
+  memset(ustr, 0, sizeof(universal_char) * (end - start));
   int ustr_len = 0;
   boolean error = FALSE;
   
diff --git a/regression_test/json/AttributeTestcases.ttcn b/regression_test/json/AttributeTestcases.ttcn
index 1073db852..8976d4ef7 100644
--- a/regression_test/json/AttributeTestcases.ttcn
+++ b/regression_test/json/AttributeTestcases.ttcn
@@ -175,9 +175,9 @@ testcase tc_attribute_union() runs on MTC {
 // The decoder will attempt to decode each field and the first to successfully decode the value
 // will be the selected one (thus the order of the fields is important)
 testcase tc_attribute_as_value() runs on MTC {
-  var Stuff stuff := { { ival := 18 }, { osval := '1D66FE'O }, { csval := "almafa" }, { bval := true }, { fval := 1.8e-20}, { ucsval := "almácska" }, { bsval := '1101101'B }, { prodval := { name := "Shoe", price := 79.99, code := 'A4C'H } }, { roival := { 1, 3, 3, 7 } }, { prod2val := { "Car", 14000.0, omit } }, { sizeval := Large }, { unival := { hsval := 'EE0'H } }, { unival := { rocsval := { "one", "two", "ten" } } } };
+  var Stuff stuff := { { ival := 18 }, { osval := '1D66FE'O }, { csval := "almafa" }, { bval := true }, { fval := 1.8e-20}, { ucsval := "almácska" }, { bsval := '1101101'B }, { prodval := { name := "Shoe", price := 79.99, code := 'A4C'H } }, { roival := { 1, 3, 3, 7 } }, { prod2val := { "Car", 14000.0, omit } }, { sizeval := Large }, { unival := { hsval := 'EE0'H } }, { unival := { rocsval := { "one", "two", "ten" } } } };
 
-  var octetstring os := unichar2oct("[18,\"1D66FE\",\"almafa\",true,1.800000e-20,\"almácska\",\"1101101\",{\"name\":\"Shoe\",\"price\":79.990000,\"code\":\"A4C\"},[1,3,3,7],{\"name\":\"Car\",\"price\":14000.000000},\"Large\",\"EE0\",[\"one\",\"two\",\"ten\"]]", "UTF-8");
+  var octetstring os := unichar2oct("[18,\"1D66FE\",\"almafa\",true,1.800000e-20,\"almácska\",\"1101101\",{\"name\":\"Shoe\",\"price\":79.990000,\"code\":\"A4C\"},[1,3,3,7],{\"name\":\"Car\",\"price\":14000.000000},\"Large\",\"EE0\",[\"one\",\"two\",\"ten\"]]", "UTF-8");
   f_check_encoding(encoded:= f_enc_stuff(stuff) , expected := os);
   f_bool2verdict( match(f_dec_stuff(f_enc_stuff(stuff)), stuff) );
   setverdict(pass);
@@ -186,7 +186,7 @@ testcase tc_attribute_as_value() runs on MTC {
 // Testing default values for record fields (decoding only)
 testcase tc_attribute_default() runs on MTC {
   var octetstring os := char2oct("{}");
-  var RecDef d := { i := -19, f := 1000000.000000, b := false, bs := '101'B, hs := 'DEAD'H, os := '1DE7'O, cs := "empty", ucs := "üres", size := Tiny, vt := fail };
+  var RecDef d := { i := -19, f := 1000000.000000, b := false, bs := '101'B, hs := 'DEAD'H, os := '1DE7'O, cs := "empty", ucs := "üres", size := Tiny, vt := fail };
   f_bool2verdict( match(f_dec_def(os), d) );
 
   os := char2oct("{ \"b\" : null }");
@@ -365,7 +365,7 @@ control {
   execute(tc_attribute_prettyprint2());
   execute(tc_attribute_union());
   execute(tc_attribute_as_value());
-  //execute(tc_attribute_default());
+  execute(tc_attribute_default());
   execute(tc_attribute_as_value_asn());
   execute(tc_attribute_optional_as_value());
   execute(tc_attribute_metainfo_for_unbound());
diff --git a/regression_test/json/Types.ttcn b/regression_test/json/Types.ttcn
index f89ac4dca..2d79a35bb 100644
--- a/regression_test/json/Types.ttcn
+++ b/regression_test/json/Types.ttcn
@@ -183,7 +183,7 @@ type record RecDef {
   variant(f) "JSON:default(1.0e6)";
   variant(size) "JSON:default(Tiny)";
   variant(os) "JSON : default(1DE7)";
-  variant(ucs) "JSON:default(üres)";
+  variant(ucs) "JSON:default(üres)";
   variant(bs) "JSON:default (101)";
   variant(hs) "JSON:default(DEAD)";
   variant(vt) "JSON:default(fail)";
-- 
GitLab