From c50f109f050b66508bbdd760de85e9b18ff750f3 Mon Sep 17 00:00:00 2001 From: iceman1001 Date: Sun, 12 May 2024 19:14:17 +0200 Subject: [PATCH] the failed compiling on MINGW/proxspace warns over a overflow in buffer[5], the return value in utf8_check_first() can be 0 - 4, which used later in loop as index with 1 as start offset. a 4 will overflow the buffer[5]. Increased buffer with to just in case to support the zero terminator. Another option where this code will bail out is, 0 is goto out, 1 will trigger the assert and break client. A bit ruff I say. --- CHANGELOG.md | 1 + client/deps/jansson/load.c | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 62e67431f..a1b23944d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file. This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log... ## [unreleased][unreleased] +- Fixed overflow in deps/jansson library (@iceman1001) - Added `lf hitag crack2` - WIP. Trying to add the second attack vector against Hitag2 (@iceman1001) - Changed `hf 14b reader --plot` - made the anticollision signal trace download optional (@iceman1001) - Added `lf_hitag_crypto.trace` - trace file of a complete read out of a Hitag2 in crypto mode (@iceman1001) diff --git a/client/deps/jansson/load.c b/client/deps/jansson/load.c index 52b9bed89..783cbb202 100644 --- a/client/deps/jansson/load.c +++ b/client/deps/jansson/load.c @@ -54,7 +54,7 @@ typedef int (*get_func)(void *data); typedef struct { get_func get; void *data; - char buffer[5]; + char buffer[7]; size_t buffer_pos; int state; int line; 
@@ -179,11 +179,15 @@ static int stream_get(stream_t *stream, json_error_t *error) { size_t i, count; count = utf8_check_first(c); - if (!count) + if (count == 0) { goto out; + } + + // whatif count == 1 ?!? assert(count >= 2); + // if count == 4 , i will become 5 and overflow. for (i = 1; i < count; i++) stream->buffer[i] = stream->get(stream->data);
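Review bot: in the CHANGELOG.md hunk, the new entry `Fixed overflow in deps/jansson library` reads as a confirmed memory-safety fix, while the commit message describes a compiler warning on MINGW/proxspace and a buffer increase made "just in case". Suggest wording the entry to match, and saying that this is a local change to the bundled copy under client/deps/jansson, so it is not dropped or mistaken for an upstream fix when the dependency is next updated.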
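Review bot: in the first load.c hunk (the stream struct), `char buffer[7];` is an unexplained magic number. The commit message puts the largest `utf8_check_first()` result at 4, so four sequence bytes plus the zero terminator need 5 bytes; 7 adds slack instead of tying the size to that bound. Suggest a named constant for the maximum sequence length, sizing the array as that constant plus one, and a one-line comment giving the reason.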
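Review bot: in the stream_get() hunk, the added comment `// if count == 4 , i will become 5 and overflow.` does not match the loop under it: `for (i = 1; i < count; i++)` writes `stream->buffer[i]` only for i = 1..3 when count is 4, and i is 4 when the loop exits. Suggest correcting or dropping that comment, and replacing `// whatif count == 1 ?!?` with an explicit check such as `if (count < 2) goto out;`, because `assert(count >= 2);` aborts the client in debug builds and is compiled out under NDEBUG, so it validates nothing at run time. An explicit upper-bound check of count against the buffer size before the loop would also state the invariant for both the compiler and the reader.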