mirror of
https://github.com/qpdf/qpdf.git
synced 2024-12-22 02:49:00 +00:00
In JSONParser::getToken handle legal control chars early
Also, reject them in strings.
This commit is contained in:
parent
f5b7448a27
commit
ee32235f54
@ -723,10 +723,11 @@ JSONParser::handle_u_code(
|
||||
void
|
||||
JSONParser::tokenError()
|
||||
{
|
||||
if (bytes == 0) {
|
||||
if (done) {
|
||||
QTC::TC("libtests", "JSON parse ls premature end of input");
|
||||
throw std::runtime_error("JSON: premature end of input");
|
||||
}
|
||||
|
||||
if (lex_state == ls_u4) {
|
||||
QTC::TC("libtests", "JSON parse bad hex after u");
|
||||
throw std::runtime_error(
|
||||
@ -737,6 +738,11 @@ JSONParser::tokenError()
|
||||
throw std::runtime_error(
|
||||
"JSON: offset " + std::to_string(offset) +
|
||||
": keyword: unexpected character " + std::string(p, 1));
|
||||
} else if (lex_state == ls_string) {
|
||||
QTC::TC("libtests", "JSON parse control char in string");
|
||||
throw std::runtime_error(
|
||||
"JSON: offset " + std::to_string(offset) +
|
||||
": control character in string (missing \"?)");
|
||||
} else if (lex_state == ls_backslash) {
|
||||
QTC::TC("libtests", "JSON parse backslash bad character");
|
||||
throw std::runtime_error(
|
||||
@ -779,6 +785,7 @@ JSONParser::tokenError()
|
||||
"JSON: offset " + std::to_string(offset) +
|
||||
": numeric literal: unexpected character " + std::string(p, 1));
|
||||
}
|
||||
throw std::logic_error("JSON::tokenError : unhandled error");
|
||||
}
|
||||
|
||||
void
|
||||
@ -792,7 +799,7 @@ JSONParser::getToken()
|
||||
unsigned long high_surrogate = 0;
|
||||
qpdf_offset_t high_offset = 0;
|
||||
|
||||
while (!done) {
|
||||
while (true) {
|
||||
if (p == (buf + bytes)) {
|
||||
p = buf;
|
||||
bytes = is.read(buf, sizeof(buf));
|
||||
@ -808,17 +815,19 @@ JSONParser::getToken()
|
||||
// end the current token (unless we are still before the start
|
||||
// of the token).
|
||||
if (lex_state == ls_top) {
|
||||
// Continue with token
|
||||
++p;
|
||||
++offset;
|
||||
} else {
|
||||
// done
|
||||
break;
|
||||
}
|
||||
|
||||
} else {
|
||||
QTC::TC("libtests", "JSON parse null character");
|
||||
throw std::runtime_error(
|
||||
"JSON: control or null character at offset " +
|
||||
std::to_string(offset));
|
||||
}
|
||||
}
|
||||
} else {
|
||||
action = append;
|
||||
switch (lex_state) {
|
||||
case ls_top:
|
||||
@ -826,12 +835,16 @@ JSONParser::getToken()
|
||||
if (*p == '"') {
|
||||
lex_state = ls_string;
|
||||
action = ignore;
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
action = ignore;
|
||||
} else if (*p == ',') {
|
||||
lex_state = ls_comma;
|
||||
action = ignore;
|
||||
ready = true;
|
||||
} else if (*p == ',') {
|
||||
lex_state = ls_comma;
|
||||
action = ignore;
|
||||
ready = true;
|
||||
} else if (*p == ':') {
|
||||
lex_state = ls_colon;
|
||||
action = ignore;
|
||||
@ -884,7 +897,7 @@ JSONParser::getToken()
|
||||
case ls_number_leading_zero:
|
||||
if (*p == '.') {
|
||||
lex_state = ls_number_point;
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
lex_state = ls_number;
|
||||
action = ignore;
|
||||
ready = true;
|
||||
@ -907,7 +920,7 @@ JSONParser::getToken()
|
||||
// continue
|
||||
} else if (*p == '.') {
|
||||
lex_state = ls_number_point;
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
lex_state = ls_number;
|
||||
action = ignore;
|
||||
ready = true;
|
||||
@ -933,7 +946,7 @@ JSONParser::getToken()
|
||||
case ls_number_after_point:
|
||||
if ((*p >= '0') && (*p <= '9')) {
|
||||
// continue
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
lex_state = ls_number;
|
||||
action = ignore;
|
||||
ready = true;
|
||||
@ -970,7 +983,7 @@ JSONParser::getToken()
|
||||
// We only get here after we have seen an exponent.
|
||||
if ((*p >= '0') && (*p <= '9')) {
|
||||
// continue
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
action = ignore;
|
||||
ready = true;
|
||||
} else if (strchr("{}[]:,", *p)) {
|
||||
@ -984,7 +997,7 @@ JSONParser::getToken()
|
||||
case ls_alpha:
|
||||
if ((*p >= 'a') && (*p <= 'z')) {
|
||||
// okay
|
||||
} else if (QUtil::is_space(*p)) {
|
||||
} else if (*p == ' ') {
|
||||
action = ignore;
|
||||
ready = true;
|
||||
} else if (strchr("{}[]:,", *p)) {
|
||||
@ -1063,7 +1076,11 @@ JSONParser::getToken()
|
||||
}
|
||||
if (++u_count == 4) {
|
||||
handle_u_code(
|
||||
u_value, offset - 5, high_surrogate, high_offset, token);
|
||||
u_value,
|
||||
offset - 5,
|
||||
high_surrogate,
|
||||
high_offset,
|
||||
token);
|
||||
lex_state = ls_string;
|
||||
}
|
||||
break;
|
||||
@ -1084,11 +1101,15 @@ JSONParser::getToken()
|
||||
break;
|
||||
}
|
||||
if (ready) {
|
||||
break;
|
||||
return;
|
||||
}
|
||||
}
|
||||
if (done) {
|
||||
if (!token.empty() && !ready) {
|
||||
}
|
||||
|
||||
// We only get here if on end of input or if the last character was a
|
||||
// control character.
|
||||
|
||||
if (!token.empty()) {
|
||||
switch (lex_state) {
|
||||
case ls_top:
|
||||
// Can't happen
|
||||
@ -1111,7 +1132,6 @@ JSONParser::getToken()
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
void
|
||||
JSONParser::handleToken()
|
||||
|
@ -79,6 +79,7 @@ JSON parse number minus no digits 0
|
||||
JSON parse incomplete number 0
|
||||
JSON parse keyword bad character 0
|
||||
JSON parse backslash bad character 0
|
||||
JSON parse control char in string 0
|
||||
JSON parse leading zero 0
|
||||
JSON parse ls premature end of input 0
|
||||
JSON parse bad hex after u 0
|
||||
|
@ -125,10 +125,10 @@ my @bad = (
|
||||
"e after minus", # 42
|
||||
"missing digit after e", # 43
|
||||
"missing digit after e+/-", # 44
|
||||
# "tab char in string", # 45
|
||||
# "cr char in string", # 46
|
||||
# "lf char in string", # 47
|
||||
# "bs char in string", # 48
|
||||
"tab char in string", # 45
|
||||
"cr char in string", # 46
|
||||
"lf char in string", # 47
|
||||
"bs char in string", # 48
|
||||
);
|
||||
|
||||
my $i = 0;
|
||||
|
@ -1 +1 @@
|
||||
exception: bad-01.json: JSON: offset 9: material follows end of object: junk
|
||||
exception: bad-01.json: JSON: offset 8: material follows end of object: junk
|
||||
|
@ -1 +1 @@
|
||||
exception: bad-02.json: JSON: offset 11: material follows end of object: junk
|
||||
exception: bad-02.json: JSON: offset 10: material follows end of object: junk
|
||||
|
@ -1 +1 @@
|
||||
exception: bad-03.json: JSON: offset 16: material follows end of object: junk
|
||||
exception: bad-03.json: JSON: offset 15: material follows end of object: junk
|
||||
|
@ -1 +1 @@
|
||||
exception: bad-27.json: JSON: premature end of input
|
||||
exception: bad-27.json: JSON: offset 5: control character in string (missing "?)
|
||||
|
@ -1 +1 @@
|
||||
"Tab in str\ting"
|
||||
exception: bad-45.json: JSON: offset 11: control character in string (missing "?)
|
||||
|
@ -1 +1 @@
|
||||
"cr in str\ring"
|
||||
exception: bad-46.json: JSON: offset 10: control character in string (missing "?)
|
||||
|
@ -1 +1 @@
|
||||
"lf in str\ning"
|
||||
exception: bad-47.json: JSON: offset 10: control character in string (missing "?)
|
||||
|
Loading…
Reference in New Issue
Block a user