From 4311de5ab577db2b200b574d72fa5cd37db556af Mon Sep 17 00:00:00 2001
From: Dan Kennedy
Date: Mon, 29 Jan 2024 15:30:35 +0000
Subject: [PATCH] Avoid a potential buffer overread when handling corrupt json blobs.
---
 src/json.c | 4 ++--
 test/jsonb01.test | 4 ++++
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/json.c b/src/json.c
index d69d967934..94f5a3ef93 100644
--- a/src/json.c
+++ b/src/json.c
@@ -2073,8 +2073,8 @@ static u32 jsonbPayloadSize(const JsonParse *pParse, u32 i, u32 *pSz){
 (pParse->aBlob[i+7]<<8) + pParse->aBlob[i+8];
 n = 9;
 }
- if( i+sz+n > pParse->nBlob
- && i+sz+n > pParse->nBlob-pParse->delta
+ if( (i64)i+sz+n > pParse->nBlob
+ && (i64)i+sz+n > pParse->nBlob-pParse->delta
 ){
 sz = 0;
 n = 0;
diff --git a/test/jsonb01.test b/test/jsonb01.test
index d1b53ae6cc..8f16428dcc 100644
--- a/test/jsonb01.test
+++ b/test/jsonb01.test
@@ -46,4 +46,8 @@ foreach {id path res} {
 } $res
 }
 
+do_catchsql_test jsonb01-2.0 {
+ SELECT x'8ce6ffffffff171333' -> '$';
+} {1 {malformed JSON}}
+
 finish_test
-- 
2.11.4.GIT
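Review bot: The `(i64)` widening on the two `if` lines fixes the left-hand sum but leaves `pParse->nBlob-pParse->delta` evaluated in the operands' own types before the comparison converts it, so if nBlob is unsigned and delta can be larger than it (or is a signed value converted to unsigned), that subtraction still wraps and the second condition silently passes. The safer form is `&& (i64)i+sz+n > (i64)pParse->nBlob-pParse->delta`. The cast also carries no explanation, and a later cleanup could drop it as redundant; a comment above the `if` such as `/* Widen to i64: a corrupt size field can make i+sz+n exceed 2^32 and wrap in u32 arithmetic, defeating this bounds check */` records why it is load-bearing. jsonbPayloadSize begins and ends outside the hunk, so the declared types of sz, n, nBlob and delta are not visible here; the wrap concern is inferred from the u32 parameters in the signature and should be confirmed against the struct definition.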
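Review bot: The new `do_catchsql_test jsonb01-2.0` records only the expected "malformed JSON" failure and not what makes `x'8ce6ffffffff171333'` a regression case for the json.c bounds check, so a reader later cannot distinguish it from a generic bad-input test. A one-line comment above it naming the trigger would help, e.g. `# Inner header carries an ffffffff size field so i+sz+n wraps in 32-bit arithmetic` (presumed from the patch subject and the repeated ff bytes; confirm against the JSONB header encoding before wording it). Since `->` is only one path into the payload-size check, it may be worth feeding the same blob through the other JSONB-consuming functions in this test file as well, so a future change to one entry point does not quietly lose the coverage.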