From d2bc6b002c636d034f0bd9b3bd7de6595c3fe76a Mon Sep 17 00:00:00 2001
From: Masaaki Goshima
Date: Tue, 25 Aug 2020 00:56:01 +0900
Subject: [PATCH] Add validation for decode_float
---
 decode_float.go | 53 ++++++++++++++++++++++++++++++++++---------------
 1 file changed, 37 insertions(+), 16 deletions(-)
diff --git a/decode_float.go b/decode_float.go
index 6da1cd6..1829009 100644
--- a/decode_float.go
+++ b/decode_float.go
@@ -13,22 +13,37 @@ func newFloatDecoder(op func(uintptr, float64)) *floatDecoder {
 return &floatDecoder{op: op}
 }
 
-var floatTable = [256]bool{
- '0': true,
- '1': true,
- '2': true,
- '3': true,
- '4': true,
- '5': true,
- '6': true,
- '7': true,
- '8': true,
- '9': true,
- '.': true,
- 'e': true,
- 'E': true,
- '+': true,
-}
+var (
+ floatTable = [256]bool{
+ '0': true,
+ '1': true,
+ '2': true,
+ '3': true,
+ '4': true,
+ '5': true,
+ '6': true,
+ '7': true,
+ '8': true,
+ '9': true,
+ '.': true,
+ 'e': true,
+ 'E': true,
+ '+': true,
+ '-': true,
+ }
+
+ validEndNumberChar = [256]bool{
+ nul: true,
+ ' ': true,
+ '\t': true,
+ '\r': true,
+ '\n': true,
+ ',': true,
+ ':': true,
+ '}': true,
+ ']': true,
+ }
+)
 
 func floatBytes(s *stream) []byte {
 start := s.cursor
@@ -97,6 +112,9 @@ func (d *floatDecoder) decodeStream(s *stream, p uintptr) error {
 if err != nil {
 return err
 }
+ if !validEndNumberChar[s.char()] {
+ return errUnexpectedEndOfJSON("float", s.totalOffset())
+ }
 str := *(*string)(unsafe.Pointer(&bytes))
 f64, err := strconv.ParseFloat(str, 64)
 if err != nil {
@@ -112,6 +130,9 @@ func (d *floatDecoder) decode(buf []byte, cursor int64, p uintptr) (int64, error
 return 0, err
 }
 cursor = c
+ if !validEndNumberChar[buf[cursor]] {
+ return 0, errUnexpectedEndOfJSON("float", cursor)
+ }
 s := *(*string)(unsafe.Pointer(&bytes))
 f64, err := strconv.ParseFloat(s, 64)
 if err != nil {
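Review bot: In the first hunk, floatTable is still only a scan set: `'+'`, `'-'`, `'.'`, `'e'` and `'E'` are accepted at any position, so the only grammar check left is strconv.ParseFloat. ParseFloat accepts forms that RFC 8259 rejects, such as a leading `+`, a bare `.5`, a trailing `5.` or a leading zero as in `01`. Whether those reach this decoder depends on floatBytes and the dispatching code, which are outside the hunk, but if they do the decoder will accept documents a strict JSON parser refuses, which matters wherever two parsers must agree on the same input. I would document the limit on the table, e.g. `// floatTable is a scan set, not a grammar: sign, dot and exponent positions are not validated here`, and follow up with a number-grammar check before ParseFloat.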
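Review bot: In the decodeStream hunk, the new branch reports `errUnexpectedEndOfJSON("float", s.totalOffset())` for a number followed by a non-terminator byte, which is malformed input rather than truncated input; the decode hunk does the same with `errUnexpectedEndOfJSON("float", cursor)`. A caller that treats "unexpected end" as "wait for more data" would be misled, so an invalid-character style error naming the offending byte would be more accurate if the package has one. It would also help to comment why `nul` is an accepted terminator in the stream path, since the check runs on whatever s.char() returns at the edge of the buffered data. decodeStream's body starts and ends outside the hunk.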
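Review bot: In the decode hunk, `buf[cursor]` is indexed with no length check, so the added line relies on buf carrying a trailing sentinel byte; the `nul: true` entry in validEndNumberChar suggests that is the intent, but nothing visible here establishes it. If any caller can pass a buffer that ends exactly at the last digit, this becomes an index-out-of-range panic on untrusted input. Either state the invariant where it is relied on, e.g. `// buf is nul-terminated by the caller, so buf[cursor] is always in range`, or guard the lookup with `if cursor < int64(len(buf)) && !validEndNumberChar[buf[cursor]] {`. The body of decode starts and ends outside the hunk.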