From a8f3474996af9390eb7166dddd5f4c62bb0ae4c1 Mon Sep 17 00:00:00 2001 From: Michael Krasnyk Date: Sun, 7 Jan 2018 12:50:45 +0100 Subject: [PATCH] Use unsigned type in percent_encoding to prevent overflow for %80..%ff Related fix in Boost.Spirit https://github.com/boostorg/spirit/commit/80414bc68868b27e1fd865cbbbc1a6db229825a5 --- CHANGELOG.md | 1 + src/server/api/url_parser.cpp | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83eb57dd2..f98d7fb9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,7 @@ - Changes from 5.14.3: - Bugfixes: - FIXED #4704: Fixed regression in bearings reordering introduced in 5.13 [#4704](https://github.com/Project-OSRM/osrm-backend/issues/4704) + - FIXED #4781: Fixed overflow exceptions in percent-encoding parsing - Guidance: - CHANGED #4706: Guidance refactoring step to decouple intersection connectivity analysis and turn instructions generation [#4706](https://github.com/Project-OSRM/osrm-backend/pull/4706) diff --git a/src/server/api/url_parser.cpp b/src/server/api/url_parser.cpp index baa5f8047..ebd82341f 100644 --- a/src/server/api/url_parser.cpp +++ b/src/server/api/url_parser.cpp @@ -27,7 +27,8 @@ struct URLParser final : qi::grammar using boost::spirit::repository::qi::iter_pos; alpha_numeral = qi::char_("a-zA-Z0-9"); - percent_encoding = qi::char_('%') > qi::uint_parser()[qi::_val = qi::_1]; + percent_encoding = + qi::char_('%') > qi::uint_parser()[qi::_val = qi::_1]; polyline_chars = qi::char_("a-zA-Z0-9_.--[]{}@?|\\~`^") | percent_encoding; all_chars = polyline_chars | qi::char_("=,;:&().");