Fix potential integer overflow

[djbn65]

This change fixes a potential integrer overflow due to assuming that unsigned is 4 bytes when there is no guarantee that unsigned types have a size of 4 bytes. The minimum required size is 2 bytes. Replace unsigned with uint32_t in GenericReader::ParseNumber to fix this issue.

[tencent-adm]

All committers have signed the CLA.

[djbn65]

I think this may address #2289 which mentions https://nvd.nist.gov/vuln/detail/CVE-2024-39684. Not 100% certain, but couldn't find a better fix.

[djbn65]

Fixes #2289

[djbn65]

@miloyip, @tencent-adm, hoping we can get this in to fix the CVE

[djbn65]

Fixes #2303

[yukta-saneja]

Hi @djbn65, why is this fix not merged to the master yet? I can see here that the CLA has been signed, is there any other blocker?

[djbn65]

Hi @djbn65, why is this fix not merged to the master yet? I can see here that the CLA has been signed, is there any other blocker?

Hey, @yukta-saneja, I do not have permissions to submit the change. Only the owners can accept the pull request and it seems they are not very responsive or even maintaining this repo anymore. I've tried emailing the owners but have gotten no response.