Mercurial > vim
changeset 13456:7495e3ee1a69 v8.0.1602
patch 8.0.1602: crash in parsing JSON
commit https://github.com/vim/vim/commit/625f0c1eb75da08229843fa393b1ee4e6547d285
Author: Bram Moolenaar <Bram@vim.org>
Date: Tue Mar 13 13:10:41 2018 +0100
patch 8.0.1602: crash in parsing JSON
Problem: Crash in parsing JSON.
Solution: Fail when using array or dict as dict key. (Damien)
| author | Christian Brabandt <cb@256bit.org> |
|---|---|
| date | Tue, 13 Mar 2018 13:15:06 +0100 |
| parents | 2c2be346753f |
| children | 83319c33df2c |
| files | src/json.c src/testdir/test_json.vim src/version.c |
| diffstat | 3 files changed, 18 insertions(+), 1 deletions(-) [+] |
line wrap: on
line diff
--- a/src/json.c +++ b/src/json.c @@ -621,7 +621,9 @@ json_decode_item(js_read_T *reader, typv if (top_item != NULL && top_item->jd_type == JSON_OBJECT_KEY && (options & JSON_JS) && reader->js_buf[reader->js_used] != '"' - && reader->js_buf[reader->js_used] != '\'') + && reader->js_buf[reader->js_used] != '\'' + && reader->js_buf[reader->js_used] != '[' + && reader->js_buf[reader->js_used] != '{') { char_u *key; @@ -642,6 +644,11 @@ json_decode_item(js_read_T *reader, typv switch (*p) { case '[': /* start of array */ + if (top_item && top_item->jd_type == JSON_OBJECT_KEY) + { + retval = FAIL; + break; + } if (ga_grow(&stack, 1) == FAIL) { retval = FAIL; @@ -668,6 +675,11 @@ json_decode_item(js_read_T *reader, typv continue; case '{': /* start of object */ + if (top_item && top_item->jd_type == JSON_OBJECT_KEY) + { + retval = FAIL; + break; + } if (ga_grow(&stack, 1) == FAIL) { retval = FAIL;
--- a/src/testdir/test_json.vim +++ b/src/testdir/test_json.vim @@ -179,6 +179,9 @@ func Test_json_decode() call assert_fails('call json_decode("[1 2]")', "E474:") call assert_fails('call json_decode("[1,,2]")', "E474:") + + call assert_fails('call json_decode("{{}:42}")', "E474:") + call assert_fails('call json_decode("{[]:42}")', "E474:") endfunc let s:jsl5 = '[7,,,]'