[ovs-dev] [PATCH] json: Fix parsing of strings that end with a backslash.
Ben Pfaff
blp at nicira.com
Wed Jun 25 00:06:35 UTC 2014
json_string_unescape() flagged a backslash at the end of a string as an
error, but of course "\\" is a valid string. This fixes the problem.
VMware-BZ: #1275208
Reported-by: Michael Hu <mhu at nicira.com>
Signed-off-by: Ben Pfaff <blp at nicira.com>
---
lib/json.c | 14 +++++++++-----
tests/json.at | 7 +++++++
2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/lib/json.c b/lib/json.c
index 58b248a..167c40c 100644
--- a/lib/json.c
+++ b/lib/json.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2009, 2010, 2011, 2012 Nicira, Inc.
+ * Copyright (c) 2009, 2010, 2011, 2012, 2014 Nicira, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -812,10 +812,6 @@ json_string_unescape(const char *in, size_t in_len, char **outp)
ds_init(&out);
ds_reserve(&out, in_len);
- if (in_len > 0 && in[in_len - 1] == '\\') {
- ds_put_cstr(&out, "quoted string may not end with backslash");
- goto exit;
- }
while (in < end) {
if (*in == '"') {
ds_clear(&out);
@@ -828,6 +824,14 @@ json_string_unescape(const char *in, size_t in_len, char **outp)
}
in++;
+ if (in >= end) {
+ /* The JSON parser will never trigger this message, because its
+ * lexer will never pass in a string that ends in a single
+ * backslash, but json_string_unescape() has other callers that
+ * are not as careful.*/
+ ds_put_cstr(&out, "quoted string may not end with backslash");
+ goto exit;
+ }
switch (*in++) {
case '"': case '\\': case '/':
ds_put_char(&out, in[-1]);
diff --git a/tests/json.at b/tests/json.at
index 86ae5fa..8846ac9 100644
--- a/tests/json.at
+++ b/tests/json.at
@@ -120,6 +120,13 @@ JSON_CHECK_NEGATIVE([surrogatess must paired properly],
JSON_CHECK_NEGATIVE([null bytes not allowed],
[[["\u0000"]]],
[error: null bytes not supported in quoted strings])
+dnl Check for regression against a prior bug.
+JSON_CHECK_POSITIVE([properly quoted backslash at end of string],
+ [[["\\"]]],
+ [[["\\"]]])
+JSON_CHECK_NEGATIVE([stray backslash at end of string],
+ [[["abcd\"]]],
+ [error: unexpected end of input in quoted string])
AT_SETUP([end of input in quoted string - C])
AT_KEYWORDS([json negative])
--
1.7.10.4
More information about the dev
mailing list