authorjgeboski <jgeboski@gmail.com>2015-12-20 20:26:24 -0500
committerjgeboski <jgeboski@gmail.com>2015-12-20 20:26:24 -0500
commit28ec26e7ca9b1909c65939cea7f55fc72c55ed9c (patch)
treec4a5345d6990f46cd437aff235e26bc200538d0f
parent00c0ae832b2f04969d205b951ae37b9bc884b84f (diff)
facebook-json: fixed a size overflow with string duplication
Unlike json_parser_load_from_data(), g_strndup() will not handle signed sizes that are negative. This causes the size to wrap around to a very large value, which in turn leads to a segmentation fault. The solution is simple: calculate the size of the data when the given size is negative. This bug was introduced by 0121bae.
-rw-r--r--facebook/facebook-json.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/facebook/facebook-json.c b/facebook/facebook-json.c
index 9176f03..f4d3c0d 100644
--- a/facebook/facebook-json.c
+++ b/facebook/facebook-json.c
@@ -256,9 +256,14 @@ fb_json_node_new(const gchar *data, gssize size, GError **error)
JsonNode *root;
JsonParser *prsr;
+ g_return_val_if_fail(data != NULL, NULL);
+
+ if (size < 0) {
+ size = strlen(data);
+ }
+
/* Ensure data is null terminated for json-glib < 1.0.2 */
slice = g_strndup(data, size);
-
prsr = json_parser_new();
if (!json_parser_load_from_data(prsr, slice, size, error)) {