fix: add escape sequence validation

fix #335
This commit is contained in:
Nao Yonashiro 2022-04-29 17:16:25 +09:00
parent 83eb186989
commit 42805aa953
2 changed files with 16 additions and 0 deletions

View File

@ -3959,3 +3959,12 @@ func TestIssue362(t *testing.T) {
assertErr(t, err) assertErr(t, err)
assertEq(t, "TestEmbeddedPrimitiveAlias", originalCombiner, newCombiner) assertEq(t, "TestEmbeddedPrimitiveAlias", originalCombiner, newCombiner)
} }
func TestIssue335(t *testing.T) {
var v []string
in := []byte(`["\u","A"]`)
err := json.Unmarshal(in, &v)
if err == nil {
t.Errorf("unexpected success")
}
}

View File

@ -2,6 +2,7 @@ package decoder
import ( import (
"bytes" "bytes"
"fmt"
"reflect" "reflect"
"unicode" "unicode"
"unicode/utf16" "unicode/utf16"
@ -323,6 +324,12 @@ func (d *stringDecoder) decodeByte(buf []byte, cursor int64) ([]byte, int64, err
if cursor+5 >= buflen { if cursor+5 >= buflen {
return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor) return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor)
} }
for i := int64(1); i <= 4; i++ {
c := char(b, cursor+i)
if !(('0' <= c && c <= '9') || ('a' <= c && c <= 'f') || ('A' <= c && c <= 'F')) {
return nil, 0, errors.ErrSyntax(fmt.Sprintf("json: invalid character %c in \\u hexadecimal character escape", c), cursor+i)
}
}
cursor += 5 cursor += 5
default: default:
return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor) return nil, 0, errors.ErrUnexpectedEndOfJSON("escaped string", cursor)