changeset 21275:c14e628cd4bb v8.2.1188

patch 8.2.1188: memory leak with invalid json input Commit: https://github.com/vim/vim/commit/6d3a7213f58da834b0fc869d05f87e86010c66cf Author: Bram Moolenaar <Bram@vim.org> Date: Sun Jul 12 14:34:00 2020 +0200 patch 8.2.1188: memory leak with invalid json input Problem: Memory leak with invalid json input. Solution: Free all keys at the end. (Dominique Pell?, closes https://github.com/vim/vim/issues/6443, closes #6442)
author Bram Moolenaar <Bram@vim.org>
date Sun, 12 Jul 2020 14:45:03 +0200
parents f7f5e51a629b
children 18bfb4c4732e
files src/json.c src/testdir/test_json.vim src/version.c
diffstat 3 files changed, 8 insertions(+), 5 deletions(-) [+]
line wrap: on
line diff
--- a/src/json.c
+++ b/src/json.c
@@ -594,6 +594,7 @@ typedef struct {
 json_decode_item(js_read_T *reader, typval_T *res, int options)
 {
     char_u	*p;
+    int		i;
     int		len;
     int		retval;
     garray_T	stack;
@@ -621,9 +622,6 @@ json_decode_item(js_read_T *reader, typv
 	    if (*p == NUL)
 	    {
 		retval = MAYBE;
-		if (top_item->jd_type == JSON_OBJECT)
-		    // did get the key, clear it
-		    clear_tv(&top_item->jd_key_tv);
 		goto theend;
 	    }
 	    if (top_item->jd_type == JSON_OBJECT_KEY
@@ -925,7 +923,6 @@ json_decode_item(js_read_T *reader, typv
 		top_item->jd_key = tv_get_string_buf_chk(cur_item, key_buf);
 		if (top_item->jd_key == NULL)
 		{
-		    clear_tv(cur_item);
 		    emsg(_(e_invarg));
 		    retval = FAIL;
 		    goto theend;
@@ -1001,7 +998,6 @@ item_end:
 		{
 		    semsg(_("E938: Duplicate key in JSON: \"%s\""),
 							     top_item->jd_key);
-		    clear_tv(&top_item->jd_key_tv);
 		    clear_tv(cur_item);
 		    retval = FAIL;
 		    goto theend;
@@ -1060,7 +1056,10 @@ item_end:
     semsg(_(e_json_error), p);
 
 theend:
+    for (i = 0; i < stack.ga_len; i++)
+	clear_tv(&(((json_dec_item_T *)stack.ga_data) + i)->jd_key_tv);
     ga_clear(&stack);
+
     return retval;
 }
 
--- a/src/testdir/test_json.vim
+++ b/src/testdir/test_json.vim
@@ -201,6 +201,8 @@ func Test_json_decode()
   call assert_fails('call json_decode("\"\\u111Z\"")', 'E491:')
   call assert_equal('[😂]', json_decode('"[\uD83D\uDE02]"'))
   call assert_equal('a😂b', json_decode('"a\uD83D\uDE02b"'))
+
+  call assert_fails('call json_decode("{\"\":{\"\":{")', 'E491:')
 endfunc
 
 let s:jsl5 = '[7,,,]'
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1188,
+/**/
     1187,
 /**/
     1186,