2
1
mirror of https://github.com/qpdf/qpdf.git synced 2024-12-22 02:49:00 +00:00

In JSONParser::getToken handle legal control chars early

Also, reject them in strings.
This commit is contained in:
m-holger 2023-01-29 15:21:29 +00:00
parent f5b7448a27
commit ee32235f54
11 changed files with 313 additions and 292 deletions

View File

@ -723,10 +723,11 @@ JSONParser::handle_u_code(
void
JSONParser::tokenError()
{
if (bytes == 0) {
if (done) {
QTC::TC("libtests", "JSON parse ls premature end of input");
throw std::runtime_error("JSON: premature end of input");
}
if (lex_state == ls_u4) {
QTC::TC("libtests", "JSON parse bad hex after u");
throw std::runtime_error(
@ -737,6 +738,11 @@ JSONParser::tokenError()
throw std::runtime_error(
"JSON: offset " + std::to_string(offset) +
": keyword: unexpected character " + std::string(p, 1));
} else if (lex_state == ls_string) {
QTC::TC("libtests", "JSON parse control char in string");
throw std::runtime_error(
"JSON: offset " + std::to_string(offset) +
": control character in string (missing \"?)");
} else if (lex_state == ls_backslash) {
QTC::TC("libtests", "JSON parse backslash bad character");
throw std::runtime_error(
@ -779,6 +785,7 @@ JSONParser::tokenError()
"JSON: offset " + std::to_string(offset) +
": numeric literal: unexpected character " + std::string(p, 1));
}
throw std::logic_error("JSON::tokenError : unhandled error");
}
void
@ -792,7 +799,7 @@ JSONParser::getToken()
unsigned long high_surrogate = 0;
qpdf_offset_t high_offset = 0;
while (!done) {
while (true) {
if (p == (buf + bytes)) {
p = buf;
bytes = is.read(buf, sizeof(buf));
@ -808,17 +815,19 @@ JSONParser::getToken()
// end the current token (unless we are still before the start
// of the token).
if (lex_state == ls_top) {
// Continue with token
++p;
++offset;
} else {
// done
break;
}
} else {
QTC::TC("libtests", "JSON parse null character");
throw std::runtime_error(
"JSON: control or null character at offset " +
std::to_string(offset));
}
}
} else {
action = append;
switch (lex_state) {
case ls_top:
@ -826,12 +835,16 @@ JSONParser::getToken()
if (*p == '"') {
lex_state = ls_string;
action = ignore;
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
action = ignore;
} else if (*p == ',') {
lex_state = ls_comma;
action = ignore;
ready = true;
} else if (*p == ',') {
lex_state = ls_comma;
action = ignore;
ready = true;
} else if (*p == ':') {
lex_state = ls_colon;
action = ignore;
@ -884,7 +897,7 @@ JSONParser::getToken()
case ls_number_leading_zero:
if (*p == '.') {
lex_state = ls_number_point;
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
lex_state = ls_number;
action = ignore;
ready = true;
@ -907,7 +920,7 @@ JSONParser::getToken()
// continue
} else if (*p == '.') {
lex_state = ls_number_point;
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
lex_state = ls_number;
action = ignore;
ready = true;
@ -933,7 +946,7 @@ JSONParser::getToken()
case ls_number_after_point:
if ((*p >= '0') && (*p <= '9')) {
// continue
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
lex_state = ls_number;
action = ignore;
ready = true;
@ -970,7 +983,7 @@ JSONParser::getToken()
// We only get here after we have seen an exponent.
if ((*p >= '0') && (*p <= '9')) {
// continue
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
action = ignore;
ready = true;
} else if (strchr("{}[]:,", *p)) {
@ -984,7 +997,7 @@ JSONParser::getToken()
case ls_alpha:
if ((*p >= 'a') && (*p <= 'z')) {
// okay
} else if (QUtil::is_space(*p)) {
} else if (*p == ' ') {
action = ignore;
ready = true;
} else if (strchr("{}[]:,", *p)) {
@ -1063,7 +1076,11 @@ JSONParser::getToken()
}
if (++u_count == 4) {
handle_u_code(
u_value, offset - 5, high_surrogate, high_offset, token);
u_value,
offset - 5,
high_surrogate,
high_offset,
token);
lex_state = ls_string;
}
break;
@ -1084,11 +1101,15 @@ JSONParser::getToken()
break;
}
if (ready) {
break;
return;
}
}
if (done) {
if (!token.empty() && !ready) {
}
// We only get here if on end of input or if the last character was a
// control character.
if (!token.empty()) {
switch (lex_state) {
case ls_top:
// Can't happen
@ -1111,7 +1132,6 @@ JSONParser::getToken()
}
}
}
}
void
JSONParser::handleToken()

View File

@ -79,6 +79,7 @@ JSON parse number minus no digits 0
JSON parse incomplete number 0
JSON parse keyword bad character 0
JSON parse backslash bad character 0
JSON parse control char in string 0
JSON parse leading zero 0
JSON parse ls premature end of input 0
JSON parse bad hex after u 0

View File

@ -125,10 +125,10 @@ my @bad = (
"e after minus", # 42
"missing digit after e", # 43
"missing digit after e+/-", # 44
# "tab char in string", # 45
# "cr char in string", # 46
# "lf char in string", # 47
# "bs char in string", # 48
"tab char in string", # 45
"cr char in string", # 46
"lf char in string", # 47
"bs char in string", # 48
);
my $i = 0;

View File

@ -1 +1 @@
exception: bad-01.json: JSON: offset 9: material follows end of object: junk
exception: bad-01.json: JSON: offset 8: material follows end of object: junk

View File

@ -1 +1 @@
exception: bad-02.json: JSON: offset 11: material follows end of object: junk
exception: bad-02.json: JSON: offset 10: material follows end of object: junk

View File

@ -1 +1 @@
exception: bad-03.json: JSON: offset 16: material follows end of object: junk
exception: bad-03.json: JSON: offset 15: material follows end of object: junk

View File

@ -1 +1 @@
exception: bad-27.json: JSON: premature end of input
exception: bad-27.json: JSON: offset 5: control character in string (missing "?)

View File

@ -1 +1 @@
"Tab in str\ting"
exception: bad-45.json: JSON: offset 11: control character in string (missing "?)

View File

@ -1 +1 @@
"cr in str\ring"
exception: bad-46.json: JSON: offset 10: control character in string (missing "?)

View File

@ -1 +1 @@
"lf in str\ning"
exception: bad-47.json: JSON: offset 10: control character in string (missing "?)