mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 10:58:58 +00:00

In JSONParser::getToken handle legal control chars early

Also, reject them in strings.
m-holger 2023-01-29 15:21:29 +00:00
parent f5b7448a27
commit ee32235f54
11 changed files with 313 additions and 292 deletions


@ -723,10 +723,11 @@ JSONParser::handle_u_code(
void void
JSONParser::tokenError() JSONParser::tokenError()
{ {
if (bytes == 0) { if (done) {
QTC::TC("libtests", "JSON parse ls premature end of input"); QTC::TC("libtests", "JSON parse ls premature end of input");
throw std::runtime_error("JSON: premature end of input"); throw std::runtime_error("JSON: premature end of input");
} }
if (lex_state == ls_u4) { if (lex_state == ls_u4) {
QTC::TC("libtests", "JSON parse bad hex after u"); QTC::TC("libtests", "JSON parse bad hex after u");
throw std::runtime_error( throw std::runtime_error(
@ -737,6 +738,11 @@ JSONParser::tokenError()
throw std::runtime_error( throw std::runtime_error(
"JSON: offset " + std::to_string(offset) + "JSON: offset " + std::to_string(offset) +
": keyword: unexpected character " + std::string(p, 1)); ": keyword: unexpected character " + std::string(p, 1));
} else if (lex_state == ls_string) {
QTC::TC("libtests", "JSON parse control char in string");
throw std::runtime_error(
"JSON: offset " + std::to_string(offset) +
": control character in string (missing \"?)");
} else if (lex_state == ls_backslash) { } else if (lex_state == ls_backslash) {
QTC::TC("libtests", "JSON parse backslash bad character"); QTC::TC("libtests", "JSON parse backslash bad character");
throw std::runtime_error( throw std::runtime_error(
@ -779,6 +785,7 @@ JSONParser::tokenError()
"JSON: offset " + std::to_string(offset) + "JSON: offset " + std::to_string(offset) +
": numeric literal: unexpected character " + std::string(p, 1)); ": numeric literal: unexpected character " + std::string(p, 1));
} }
throw std::logic_error("JSON::tokenError : unhandled error");
} }
void void
@ -792,7 +799,7 @@ JSONParser::getToken()
unsigned long high_surrogate = 0; unsigned long high_surrogate = 0;
qpdf_offset_t high_offset = 0; qpdf_offset_t high_offset = 0;
while (!done) { while (true) {
if (p == (buf + bytes)) { if (p == (buf + bytes)) {
p = buf; p = buf;
bytes = is.read(buf, sizeof(buf)); bytes = is.read(buf, sizeof(buf));
@ -808,17 +815,19 @@ JSONParser::getToken()
// end the current token (unless we are still before the start // end the current token (unless we are still before the start
// of the token). // of the token).
if (lex_state == ls_top) { if (lex_state == ls_top) {
// Continue with token ++p;
++offset;
} else { } else {
// done break;
} }
} else { } else {
QTC::TC("libtests", "JSON parse null character"); QTC::TC("libtests", "JSON parse null character");
throw std::runtime_error( throw std::runtime_error(
"JSON: control or null character at offset " + "JSON: control or null character at offset " +
std::to_string(offset)); std::to_string(offset));
} }
} } else {
action = append; action = append;
switch (lex_state) { switch (lex_state) {
case ls_top: case ls_top:
@ -826,12 +835,16 @@ JSONParser::getToken()
if (*p == '"') { if (*p == '"') {
lex_state = ls_string; lex_state = ls_string;
action = ignore; action = ignore;
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
action = ignore; action = ignore;
} else if (*p == ',') { } else if (*p == ',') {
lex_state = ls_comma; lex_state = ls_comma;
action = ignore; action = ignore;
ready = true; ready = true;
} else if (*p == ',') {
lex_state = ls_comma;
action = ignore;
ready = true;
} else if (*p == ':') { } else if (*p == ':') {
lex_state = ls_colon; lex_state = ls_colon;
action = ignore; action = ignore;
@ -884,7 +897,7 @@ JSONParser::getToken()
case ls_number_leading_zero: case ls_number_leading_zero:
if (*p == '.') { if (*p == '.') {
lex_state = ls_number_point; lex_state = ls_number_point;
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
lex_state = ls_number; lex_state = ls_number;
action = ignore; action = ignore;
ready = true; ready = true;
@ -907,7 +920,7 @@ JSONParser::getToken()
// continue // continue
} else if (*p == '.') { } else if (*p == '.') {
lex_state = ls_number_point; lex_state = ls_number_point;
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
lex_state = ls_number; lex_state = ls_number;
action = ignore; action = ignore;
ready = true; ready = true;
@ -933,7 +946,7 @@ JSONParser::getToken()
case ls_number_after_point: case ls_number_after_point:
if ((*p >= '0') && (*p <= '9')) { if ((*p >= '0') && (*p <= '9')) {
// continue // continue
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
lex_state = ls_number; lex_state = ls_number;
action = ignore; action = ignore;
ready = true; ready = true;
@ -970,7 +983,7 @@ JSONParser::getToken()
// We only get here after we have seen an exponent. // We only get here after we have seen an exponent.
if ((*p >= '0') && (*p <= '9')) { if ((*p >= '0') && (*p <= '9')) {
// continue // continue
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
action = ignore; action = ignore;
ready = true; ready = true;
} else if (strchr("{}[]:,", *p)) { } else if (strchr("{}[]:,", *p)) {
@ -984,7 +997,7 @@ JSONParser::getToken()
case ls_alpha: case ls_alpha:
if ((*p >= 'a') && (*p <= 'z')) { if ((*p >= 'a') && (*p <= 'z')) {
// okay // okay
} else if (QUtil::is_space(*p)) { } else if (*p == ' ') {
action = ignore; action = ignore;
ready = true; ready = true;
} else if (strchr("{}[]:,", *p)) { } else if (strchr("{}[]:,", *p)) {
@ -1063,7 +1076,11 @@ JSONParser::getToken()
} }
if (++u_count == 4) { if (++u_count == 4) {
handle_u_code( handle_u_code(
u_value, offset - 5, high_surrogate, high_offset, token); u_value,
offset - 5,
high_surrogate,
high_offset,
token);
lex_state = ls_string; lex_state = ls_string;
} }
break; break;
@ -1084,11 +1101,15 @@ JSONParser::getToken()
break; break;
} }
if (ready) { if (ready) {
break; return;
} }
} }
if (done) { }
if (!token.empty() && !ready) {
// We only get here if on end of input or if the last character was a
// control character.
if (!token.empty()) {
switch (lex_state) { switch (lex_state) {
case ls_top: case ls_top:
// Can't happen // Can't happen
@ -1110,7 +1131,6 @@ JSONParser::getToken()
tokenError(); tokenError();
} }
} }
}
} }
void void
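Review bot: The post-loop check in `getToken()` is gated on `if (!token.empty())`, so a control character that arrives while the token is still empty breaks out of the loop, skips the `switch` and never reaches `tokenError()`; this looks possible directly after an opening quote, where the `*p == '"'` arm sets `lex_state = ls_string` with `action = ignore` and so appears to leave the token empty. Whether the caller rejects that state is not visible in these hunks, so it is worth confirming with a test input whose string begins with a tab or newline; if it is accepted, gating on the lexer state instead, e.g. `if (lex_state != ls_top) {`, would presumably close the gap. Separately, the top-level branch now carries a second `} else if (*p == ',') {` arm identical to the one directly above it; it is unreachable and should be dropped. `getToken()` starts and ends outside the hunks shown.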


@ -79,6 +79,7 @@ JSON parse number minus no digits 0
JSON parse incomplete number 0 JSON parse incomplete number 0
JSON parse keyword bad character 0 JSON parse keyword bad character 0
JSON parse backslash bad character 0 JSON parse backslash bad character 0
JSON parse control char in string 0
JSON parse leading zero 0 JSON parse leading zero 0
JSON parse ls premature end of input 0 JSON parse ls premature end of input 0
JSON parse bad hex after u 0 JSON parse bad hex after u 0


@ -125,10 +125,10 @@ my @bad = (
"e after minus", # 42 "e after minus", # 42
"missing digit after e", # 43 "missing digit after e", # 43
"missing digit after e+/-", # 44 "missing digit after e+/-", # 44
# "tab char in string", # 45 "tab char in string", # 45
# "cr char in string", # 46 "cr char in string", # 46
# "lf char in string", # 47 "lf char in string", # 47
# "bs char in string", # 48 "bs char in string", # 48
); );
my $i = 0; my $i = 0;


@ -1 +1 @@
exception: bad-01.json: JSON: offset 9: material follows end of object: junk exception: bad-01.json: JSON: offset 8: material follows end of object: junk


@ -1 +1 @@
exception: bad-02.json: JSON: offset 11: material follows end of object: junk exception: bad-02.json: JSON: offset 10: material follows end of object: junk


@ -1 +1 @@
exception: bad-03.json: JSON: offset 16: material follows end of object: junk exception: bad-03.json: JSON: offset 15: material follows end of object: junk


@ -1 +1 @@
exception: bad-27.json: JSON: premature end of input exception: bad-27.json: JSON: offset 5: control character in string (missing "?)


@ -1 +1 @@
"Tab in str\ting" exception: bad-45.json: JSON: offset 11: control character in string (missing "?)


@ -1 +1 @@
"cr in str\ring" exception: bad-46.json: JSON: offset 10: control character in string (missing "?)


@ -1 +1 @@
"lf in str\ning" exception: bad-47.json: JSON: offset 10: control character in string (missing "?)