generic-library/rapidjson
1
0
Fork 0
mirror of https://github.com/Tencent/rapidjson.git synced 2025-03-09 19:24:23 +01:00
Code Issues Projects Releases Wiki Activity

Add safe checks in parsing compound types.

Browse Source 
Compound types (object and array) call ParseString() and ParseValue()
for key and values. If there is parse errors inside those calls, it
should stop continue parsing. Otherwise, it may be possible to continue
parsing and calling handler incorrectly.
For example, in ["a\u,","b"], \u generates an error (it should follow
but 4 hex digits), the parser continues to treat the first comma as
element separator, and treat "," as a JSON string and call the handler.
It may be unacceptable in the application code.
This commit is contained in:
Milo Yip 2014-06-26 23:35:13 +08:00
parent 3d9dd745a1
commit a1a8abd0d9
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
include/rapidjson/reader.h
View File

@ -277,6 +277,9 @@ private:
RAPIDJSON_PARSE_ERROR("Name of an object member must be a string", is.Tell()); RAPIDJSON_PARSE_ERROR("Name of an object member must be a string", is.Tell());
ParseString<parseFlags>(is, handler); ParseString<parseFlags>(is, handler);
if (HasParseError())
return;
SkipWhitespace(is); SkipWhitespace(is);
if (is.Take() != ':') if (is.Take() != ':')
@ -285,6 +288,9 @@ private:
SkipWhitespace(is); SkipWhitespace(is);
ParseValue<parseFlags>(is, handler); ParseValue<parseFlags>(is, handler);
if (HasParseError())
return;
SkipWhitespace(is); SkipWhitespace(is);
++memberCount; ++memberCount;
@ -313,6 +319,9 @@ private:
for (SizeType elementCount = 0;;) { for (SizeType elementCount = 0;;) {
ParseValue<parseFlags>(is, handler); ParseValue<parseFlags>(is, handler);
if (HasParseError())
return;
++elementCount; ++elementCount;
SkipWhitespace(is); SkipWhitespace(is);