From 28ec26e7ca9b1909c65939cea7f55fc72c55ed9c Mon Sep 17 00:00:00 2001
From: jgeboski
Date: Sun, 20 Dec 2015 20:26:24 -0500
Subject: facebook-json: fixed a size overflow with string duplication

Unlike json_parser_load_from_data(), g_strndup() will not handle signed sizes that are negative. This causes the size to overflow to a really large value, and in turn lead to a segmentation fault. The solution is simple: calculate the size of the data when the given size is negative. This bug was introduced by 0121bae.
---
 facebook/facebook-json.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/facebook/facebook-json.c b/facebook/facebook-json.c
index 9176f03..f4d3c0d 100644
--- a/facebook/facebook-json.c
+++ b/facebook/facebook-json.c
@@ -256,9 +256,14 @@ fb_json_node_new(const gchar *data, gssize size, GError **error)
 JsonNode *root;
 JsonParser *prsr;
+ g_return_val_if_fail(data != NULL, NULL);
+
+ if (size < 0) {
+ size = strlen(data);
+ }
+
 /* Ensure data is null terminated for json-glib < 1.0.2 */
 slice = g_strndup(data, size);
-
 prsr = json_parser_new();
 if (!json_parser_load_from_data(prsr, slice, size, error)) {
--
cgit v1.2.3
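Review bot: The new `g_return_val_if_fail(data != NULL, NULL)` at the top of the hunk guards a programmer error, not bad input: GLib compiles it out under G_DISABLE_CHECKS, and on the new side `strlen(data)` then runs on a NULL pointer, so the segfault this commit fixes is only moved, not removed, for callers that pass NULL. It also returns NULL without touching `error`, so a caller that inspects `*error` rather than the return value sees a NULL node with no error set; whether any caller does that is not visible here. If NULL data is reachable in practice, a plain check that reports through the error path is sturdier, e.g. `if (data == NULL) { g_set_error_literal(error, <DOMAIN>, <CODE>, "No data"); return NULL; }` with the domain and code this file already uses. Separately, `size = strlen(data);` stores a size_t into the signed gssize `size`; that only wraps for inputs longer than G_MAXSSIZE, so a one-line comment noting the assumption is enough. fb_json_node_new's body starts and ends outside the hunk.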