haraldwolff
/
json
mirror of https://github.com/nlohmann/json.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🚑 fix for #452

pull/461/head
Niels Lohmann 2017-02-15 21:30:28 +01:00
parent 82fb613763
commit b9f3149451
No known key found for this signature in database
GPG Key ID: 7F3CEA63AE251B69
4 changed files with 163 additions and 107 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

252
src/json.hpp
View File

@ -9883,22 +9883,32 @@ basic_json_parser_12:
basic_json_parser_13: basic_json_parser_13:
yyaccept = 1; yyaccept = 1;
yych = *(m_marker = ++m_cursor); yych = *(m_marker = ++m_cursor);
if (yych <= 'D') if (yych <= '9')
{ {
if (yych == '.') if (yych == '.')
{ {
goto basic_json_parser_47; goto basic_json_parser_47;
} }
if (yych >= '0')
{
goto basic_json_parser_48;
}
} }
else else
{ {
if (yych <= 'E') if (yych <= 'E')
{ {
goto basic_json_parser_48; if (yych >= 'E')
{
goto basic_json_parser_51;
}
} }
if (yych == 'e') else
{ {
goto basic_json_parser_48; if (yych == 'e')
{
goto basic_json_parser_51;
}
} }
} }
basic_json_parser_14: basic_json_parser_14:
@ -9930,11 +9940,11 @@ basic_json_parser_15:
{ {
if (yych <= 'E') if (yych <= 'E')
{ {
goto basic_json_parser_48; goto basic_json_parser_51;
} }
if (yych == 'e') if (yych == 'e')
{ {
goto basic_json_parser_48; goto basic_json_parser_51;
} }
goto basic_json_parser_14; goto basic_json_parser_14;
} }
@ -9961,7 +9971,7 @@ basic_json_parser_23:
yych = *(m_marker = ++m_cursor); yych = *(m_marker = ++m_cursor);
if (yych == 'a') if (yych == 'a')
{ {
goto basic_json_parser_49; goto basic_json_parser_52;
} }
goto basic_json_parser_5; goto basic_json_parser_5;
basic_json_parser_24: basic_json_parser_24:
@ -9969,7 +9979,7 @@ basic_json_parser_24:
yych = *(m_marker = ++m_cursor); yych = *(m_marker = ++m_cursor);
if (yych == 'u') if (yych == 'u')
{ {
goto basic_json_parser_50; goto basic_json_parser_53;
} }
goto basic_json_parser_5; goto basic_json_parser_5;
basic_json_parser_25: basic_json_parser_25:
@ -9977,7 +9987,7 @@ basic_json_parser_25:
yych = *(m_marker = ++m_cursor); yych = *(m_marker = ++m_cursor);
if (yych == 'r') if (yych == 'r')
{ {
goto basic_json_parser_51; goto basic_json_parser_54;
} }
goto basic_json_parser_5; goto basic_json_parser_5;
basic_json_parser_26: basic_json_parser_26:
@ -10078,7 +10088,7 @@ basic_json_parser_32:
} }
else else
{ {
goto basic_json_parser_55; goto basic_json_parser_58;
} }
} }
basic_json_parser_33: basic_json_parser_33:
@ -10160,7 +10170,7 @@ basic_json_parser_35:
} }
if (yych <= 'u') if (yych <= 'u')
{ {
goto basic_json_parser_52; goto basic_json_parser_55;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
@ -10281,22 +10291,32 @@ basic_json_parser_42:
basic_json_parser_43: basic_json_parser_43:
yyaccept = 2; yyaccept = 2;
yych = *(m_marker = ++m_cursor); yych = *(m_marker = ++m_cursor);
if (yych <= 'D') if (yych <= '9')
{ {
if (yych == '.') if (yych == '.')
{ {
goto basic_json_parser_47; goto basic_json_parser_47;
} }
if (yych >= '0')
{
goto basic_json_parser_48;
}
} }
else else
{ {
if (yych <= 'E') if (yych <= 'E')
{ {
goto basic_json_parser_48; if (yych >= 'E')
{
goto basic_json_parser_51;
}
} }
if (yych == 'e') else
{ {
goto basic_json_parser_48; if (yych == 'e')
{
goto basic_json_parser_51;
}
} }
} }
basic_json_parser_44: basic_json_parser_44:
@ -10332,13 +10352,13 @@ basic_json_parser_45:
{ {
goto basic_json_parser_44; goto basic_json_parser_44;
} }
goto basic_json_parser_48; goto basic_json_parser_51;
} }
else else
{ {
if (yych == 'e') if (yych == 'e')
{ {
goto basic_json_parser_48; goto basic_json_parser_51;
} }
goto basic_json_parser_44; goto basic_json_parser_44;
} }
@ -10351,16 +10371,36 @@ basic_json_parser_47:
} }
if (yych <= '9') if (yych <= '9')
{ {
goto basic_json_parser_53; goto basic_json_parser_56;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_48: basic_json_parser_48:
++m_cursor;
if (m_limit <= m_cursor)
{
fill_line_buffer(1); // LCOV_EXCL_LINE
}
yych = *m_cursor;
if (yych <= '/')
{
goto basic_json_parser_50;
}
if (yych <= '9')
{
goto basic_json_parser_48;
}
basic_json_parser_50:
{
last_token_type = token_type::parse_error;
break;
}
basic_json_parser_51:
yych = *++m_cursor; yych = *++m_cursor;
if (yych <= ',') if (yych <= ',')
{ {
if (yych == '+') if (yych == '+')
{ {
goto basic_json_parser_56; goto basic_json_parser_59;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
@ -10368,7 +10408,7 @@ basic_json_parser_48:
{ {
if (yych <= '-') if (yych <= '-')
{ {
goto basic_json_parser_56; goto basic_json_parser_59;
} }
if (yych <= '/') if (yych <= '/')
{ {
@ -10376,32 +10416,32 @@ basic_json_parser_48:
} }
if (yych <= '9') if (yych <= '9')
{ {
goto basic_json_parser_57; goto basic_json_parser_60;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
basic_json_parser_49: basic_json_parser_52:
yych = *++m_cursor; yych = *++m_cursor;
if (yych == 'l') if (yych == 'l')
{ {
goto basic_json_parser_59; goto basic_json_parser_62;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_50: basic_json_parser_53:
yych = *++m_cursor; yych = *++m_cursor;
if (yych == 'l') if (yych == 'l')
{ {
goto basic_json_parser_60; goto basic_json_parser_63;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_51: basic_json_parser_54:
yych = *++m_cursor; yych = *++m_cursor;
if (yych == 'u') if (yych == 'u')
{ {
goto basic_json_parser_61; goto basic_json_parser_64;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_52: basic_json_parser_55:
++m_cursor; ++m_cursor;
if (m_limit <= m_cursor) if (m_limit <= m_cursor)
{ {
@ -10416,7 +10456,7 @@ basic_json_parser_52:
} }
if (yych <= '9') if (yych <= '9')
{ {
goto basic_json_parser_62; goto basic_json_parser_65;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
@ -10424,7 +10464,7 @@ basic_json_parser_52:
{ {
if (yych <= 'F') if (yych <= 'F')
{ {
goto basic_json_parser_62; goto basic_json_parser_65;
} }
if (yych <= '`') if (yych <= '`')
{ {
@ -10432,11 +10472,11 @@ basic_json_parser_52:
} }
if (yych <= 'f') if (yych <= 'f')
{ {
goto basic_json_parser_62; goto basic_json_parser_65;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
basic_json_parser_53: basic_json_parser_56:
yyaccept = 3; yyaccept = 3;
m_marker = ++m_cursor; m_marker = ++m_cursor;
if ((m_limit - m_cursor) < 3) if ((m_limit - m_cursor) < 3)
@ -10448,30 +10488,30 @@ basic_json_parser_53:
{ {
if (yych <= '/') if (yych <= '/')
{ {
goto basic_json_parser_55; goto basic_json_parser_58;
} }
if (yych <= '9') if (yych <= '9')
{ {
goto basic_json_parser_53; goto basic_json_parser_56;
} }
} }
else else
{ {
if (yych <= 'E') if (yych <= 'E')
{ {
goto basic_json_parser_48; goto basic_json_parser_51;
} }
if (yych == 'e') if (yych == 'e')
{ {
goto basic_json_parser_48; goto basic_json_parser_51;
} }
} }
basic_json_parser_55: basic_json_parser_58:
{ {
last_token_type = token_type::value_float; last_token_type = token_type::value_float;
break; break;
} }
basic_json_parser_56: basic_json_parser_59:
yych = *++m_cursor; yych = *++m_cursor;
if (yych <= '/') if (yych <= '/')
{ {
@ -10481,7 +10521,7 @@ basic_json_parser_56:
{ {
goto basic_json_parser_32; goto basic_json_parser_32;
} }
basic_json_parser_57: basic_json_parser_60:
++m_cursor; ++m_cursor;
if (m_limit <= m_cursor) if (m_limit <= m_cursor)
{ {
@ -10490,89 +10530,35 @@ basic_json_parser_57:
yych = *m_cursor; yych = *m_cursor;
if (yych <= '/') if (yych <= '/')
{ {
goto basic_json_parser_55; goto basic_json_parser_58;
} }
if (yych <= '9') if (yych <= '9')
{ {
goto basic_json_parser_57; goto basic_json_parser_60;
} }
goto basic_json_parser_55; goto basic_json_parser_58;
basic_json_parser_59: basic_json_parser_62:
yych = *++m_cursor; yych = *++m_cursor;
if (yych == 's') if (yych == 's')
{
goto basic_json_parser_63;
}
goto basic_json_parser_32;
basic_json_parser_60:
yych = *++m_cursor;
if (yych == 'l')
{
goto basic_json_parser_64;
}
goto basic_json_parser_32;
basic_json_parser_61:
yych = *++m_cursor;
if (yych == 'e')
{ {
goto basic_json_parser_66; goto basic_json_parser_66;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_62:
++m_cursor;
if (m_limit <= m_cursor)
{
fill_line_buffer(1); // LCOV_EXCL_LINE
}
yych = *m_cursor;
if (yych <= '@')
{
if (yych <= '/')
{
goto basic_json_parser_32;
}
if (yych <= '9')
{
goto basic_json_parser_68;
}
goto basic_json_parser_32;
}
else
{
if (yych <= 'F')
{
goto basic_json_parser_68;
}
if (yych <= '`')
{
goto basic_json_parser_32;
}
if (yych <= 'f')
{
goto basic_json_parser_68;
}
goto basic_json_parser_32;
}
basic_json_parser_63: basic_json_parser_63:
yych = *++m_cursor;
if (yych == 'l')
{
goto basic_json_parser_67;
}
goto basic_json_parser_32;
basic_json_parser_64:
yych = *++m_cursor; yych = *++m_cursor;
if (yych == 'e') if (yych == 'e')
{ {
goto basic_json_parser_69; goto basic_json_parser_69;
} }
goto basic_json_parser_32; goto basic_json_parser_32;
basic_json_parser_64: basic_json_parser_65:
++m_cursor;
{
last_token_type = token_type::literal_null;
break;
}
basic_json_parser_66:
++m_cursor;
{
last_token_type = token_type::literal_true;
break;
}
basic_json_parser_68:
++m_cursor; ++m_cursor;
if (m_limit <= m_cursor) if (m_limit <= m_cursor)
{ {
@ -10607,13 +10593,67 @@ basic_json_parser_68:
} }
goto basic_json_parser_32; goto basic_json_parser_32;
} }
basic_json_parser_66:
yych = *++m_cursor;
if (yych == 'e')
{
goto basic_json_parser_72;
}
goto basic_json_parser_32;
basic_json_parser_67:
++m_cursor;
{
last_token_type = token_type::literal_null;
break;
}
basic_json_parser_69: basic_json_parser_69:
++m_cursor;
{
last_token_type = token_type::literal_true;
break;
}
basic_json_parser_71:
++m_cursor;
if (m_limit <= m_cursor)
{
fill_line_buffer(1); // LCOV_EXCL_LINE
}
yych = *m_cursor;
if (yych <= '@')
{
if (yych <= '/')
{
goto basic_json_parser_32;
}
if (yych <= '9')
{
goto basic_json_parser_74;
}
goto basic_json_parser_32;
}
else
{
if (yych <= 'F')
{
goto basic_json_parser_74;
}
if (yych <= '`')
{
goto basic_json_parser_32;
}
if (yych <= 'f')
{
goto basic_json_parser_74;
}
goto basic_json_parser_32;
}
basic_json_parser_72:
++m_cursor; ++m_cursor;
{ {
last_token_type = token_type::literal_false; last_token_type = token_type::literal_false;
break; break;
} }
basic_json_parser_71: basic_json_parser_74:
++m_cursor; ++m_cursor;
if (m_limit <= m_cursor) if (m_limit <= m_cursor)
{ {

2
src/json.hpp.re2c
View File

@ -9698,6 +9698,8 @@ class basic_json
exp = e (minus | plus)? digit+; exp = e (minus | plus)? digit+;
frac = decimal_point digit+; frac = decimal_point digit+;
int = (zero | digit_1_9 digit*); int = (zero | digit_1_9 digit*);
invalid_int = minus? "0" digit+;
invalid_int { last_token_type = token_type::parse_error; break; }
number_unsigned = int; number_unsigned = int;
number_unsigned { last_token_type = token_type::value_unsigned; break; } number_unsigned { last_token_type = token_type::value_unsigned; break; }
number_integer = minus int; number_integer = minus int;

4
test/src/unit-class_parser.cpp
View File

@ -299,7 +299,9 @@ TEST_CASE("parser class")
CHECK_THROWS_AS(json::parser("+0").parse(), std::invalid_argument); CHECK_THROWS_AS(json::parser("+0").parse(), std::invalid_argument);
CHECK_THROWS_WITH(json::parser("01").parse(), CHECK_THROWS_WITH(json::parser("01").parse(),
"parse error - unexpected number literal"); "parse error - unexpected '01'");
CHECK_THROWS_WITH(json::parser("-01").parse(),
"parse error - unexpected '-01'");
CHECK_THROWS_WITH(json::parser("--1").parse(), "parse error - unexpected '-'"); CHECK_THROWS_WITH(json::parser("--1").parse(), "parse error - unexpected '-'");
CHECK_THROWS_WITH(json::parser("1.").parse(), CHECK_THROWS_WITH(json::parser("1.").parse(),
"parse error - unexpected '.'; expected end of input"); "parse error - unexpected '.'; expected end of input");

12
test/src/unit-regression.cpp
View File

@ -724,4 +724,16 @@ TEST_CASE("regression tests")
}; };
CHECK_THROWS_AS(json::from_cbor(vec2), std::out_of_range); CHECK_THROWS_AS(json::from_cbor(vec2), std::out_of_range);
} }
SECTION("issue #452 - Heap-buffer-overflow (OSS-Fuzz issue 585)")
{
std::vector<uint8_t> vec = {'-', '0', '1', '2', '2', '7', '4'};
CHECK_THROWS_AS(json::parse(vec), std::invalid_argument);
}
//SECTION("issue #454 - doubles are printed as integers")
//{
// json j = R"({"bool_value":true,"double_value":2.0,"int_value":10,"level1":{"list_value":[3,"hi",false],"tmp":5.0},"string_value":"hello"})"_json;
// CHECK(j["double_value"].is_number_integer());
//}
} }