From: HAPPY <pcy190@126.com>
Date: Fri, 16 Apr 2021 11:22:47 +0800
Subject: CVE-2021-31684: Fix indexOf

A vulnerability was discovered in the indexOf function of JSONParserByteArray
in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS)
via a crafted web request.

origin: https://github.com/netplex/json-smart-v2/commit/6ecff1c2974eaaab2e74e441bdf5ba8495227bf5.patch
bug: https://github.com/netplex/json-smart-v2/issues/67
---
 .../src/main/java/net/minidev/json/parser/JSONParserByteArray.java      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java b/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
index 1849116..605d007 100644
--- a/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
+++ b/json-smart/src/main/java/net/minidev/json/parser/JSONParserByteArray.java
@@ -75,7 +75,7 @@ class JSONParserByteArray extends JSONParserMemory {
 	}
 
 	protected int indexOf(char c, int pos) {
-		for (int i = pos; pos < len; i++)
+		for (int i = pos; i < len; i++)
 			if (in[i] == (byte) c)
 				return i;
 		return -1;