json: Fix buffer overflow in cJSON.c
* src/cJSON.c (parse_string): Correctly detect bad hex.
The call to parse_hex4 checks that only hex digits follow and in the
error case returns 0. However, by the time of the combined check for
an invalid value and the error PTR has already been set to the last
hex character and thus if the end-of-string or a quote character was
one of the bad hex digits the loop will miss the end of the string
which does not match with the simple buffer length allocation test at
the begin of the function.
- Signed-off-by: Werner Koch <wk@gnupg.org>