author: npt-1707 <npthanh132@gmail.com> 2025-05-29 11:27:44 +0300
committer: robot-piglet <robot-piglet@yandex-team.com> 2025-05-29 12:09:20 +0300
commit: 7f3903f18f331c5be93a476a3ffe1049b7aafaa3
tree: ea20ba4ae6e893cfa363420d8197afa4ccad45e9
parent: b97f4b1b623ae6fa92179017371a743fc72f766d
Fix potential vulnerable cloned function
* Changelog entry
Type: fix
Component: contrib/libs/yajl

Hi there,

I identified another vulnerability in a clone function yajl_string_decode() in `contrib/libs/yajl/yajl_encode.c` sourced from [brianmario/yajl-ruby](https://github.com/brianmario/yajl-ruby). This issue, originally reported in [CVE-2017-16516](https://nvd.nist.gov/vuln/detail/CVE-2017-16516), was resolved in the repository via this commit https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce. This PR applies the corresponding patch to fix the vulnerabilities in this codebase.

Please review at your convenience. Thank you!

---
Pull Request resolved: https://github.com/ytsaurus/ytsaurus/pull/1261
commit_hash:d98c6330759e2ae178b04885d9a87ca5d7f574f8
-rw-r--r-- contrib/libs/yajl/src/yajl_encode.c | 4
1 file changed, 2 insertions, 2 deletions
diff --git a/contrib/libs/yajl/src/yajl_encode.c b/contrib/libs/yajl/src/yajl_encode.c
index fd082581885..0d97cc5290c 100644
--- a/contrib/libs/yajl/src/yajl_encode.c
+++ b/contrib/libs/yajl/src/yajl_encode.c
@@ -139,8 +139,8 @@ void yajl_string_decode(yajl_buf buf, const unsigned char * str,
end+=3;
/* check if this is a surrogate */
if ((codepoint & 0xFC00) == 0xD800) {
- end++;
- if (str[end] == '\\' && str[end + 1] == 'u') {
+ if (end + 2 < len && str[end + 1] == '\\' && str[end + 2] == 'u') {
+ end++;
unsigned int surrogate = 0;
hexToDigit(&surrogate, str + end + 2);
codepoint =
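Review bot: the new condition in the surrogate branch only proves that str[end + 1] and str[end + 2] are inside len, but after end++ the call hexToDigit(&surrogate, str + end + 2) starts reading at what was index end + 3, and nothing visible in this hunk bounds those hex digits. If hexToDigit consumes four characters here, as the end+=3 after the first escape suggests, the guard would need to be end + 6 < len so that a truncated low-surrogate escape at the end of the buffer cannot be read past len. Separately, putting end++ ahead of unsigned int surrogate = 0; turns that line into a declaration after a statement; moving the declaration above end++ keeps the block valid for C89 compilers.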