mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-03-23 06:59:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
450 Commits 14 Branches 11 Tags
deb9fa482d7bbe8544dc3cc866aec00a17aa8ff4
Commit Graph

64 Commits

Author SHA1 Message Date
Even Rouault
77a4276a8c Fix various potential null ptr deref and int32 overflows 
This fix errors that can happen when ingesting very large JSON files
when hitting the maximum heap size of the process.
 2016-01-11 12:15:54 +01:00
Anmol Sarma
467102fa78 Remove superfluous NULL checks 2015-10-01 14:14:03 +05:30
Anmol Sarma
f37b0a10a5 Fix possible memory leak 2015-10-01 14:09:09 +05:30
James Myatt
9be71700eb json_tokener requires INF and NAN 2015-03-04 10:45:35 +00:00
Eric Haszlakiewicz
68d856f618 Merge pull request #168 from bugness-chl/master 
Tightening the number parsing algorithm
 2015-03-03 22:41:31 -05:00
chl
99d8fc975e Tightening the number parsing algorithm 
Some badly formated "numbers" could get partly parsed,
resulting in truncated results instead of raising an
error.

Examples :
 '1.2.3'      -> (double)1.2
 '2015-01-15' -> (int)2015

This patch is not perfect (ex: input can still end with a 'E', which
is forbidden by json.org doc) but should avoid non-sensically
formated input.

Tests added.
 2015-02-05 01:50:37 +01:00
Michael Vetter
fcf5ad1bd6 Remove trailing whitespace 2014-08-26 14:48:59 +02:00
Eric Haszlakiewicz
d4e81f9ec8 Move the json_min() and json_max() macros to json_util.h and mark everything else in bits.h deprecated. 
Eliminate all uses of bits.h within the json-c code.
 2014-05-04 22:33:26 -04:00
Petar Koretić
259c5c0b5f Remove unused variable 'size' 2014-04-11 10:03:40 +02:00
Michael Clark
64e36901a0 Patch to address the following issues: 
* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int
 2014-04-09 13:48:21 +08:00
Eric Haszlakiewicz
f9136f6852 Make the json_tokener_errors array local. It has been deprecated for a while, and json_tokener_error_desc() should be used instead. 2014-03-22 21:41:24 -04:00
Eric Haszlakiewicz
05da316b9c Issue #103: allow Infinity and -Infinity to be parsed. 2014-03-22 17:28:40 -04:00
Markus Stenberg
a1c8991e13 nan function requires -lm on some platforms; use of NAN is better, if available. 2014-03-18 16:29:49 +02:00
Eric Haszlakiewicz
0eedf3802f Issue#102 - add support for parsing "NaN". 2014-03-09 16:41:33 -04:00
Eric Haszlakiewicz
020fa65724 Merge pull request #112 from TazeTSchnitzel/LowercaseLiterals 
Only allow lowercase literals in STRICT mode
 2014-02-11 23:21:50 -05:00
Eric Haszlakiewicz
56df93d128 Fix Issue #111: Fix off-by-one error when range checking the input to json_tokener_error_desc(). 2014-02-11 23:16:53 -05:00
Andrea Faulds
bda0540cb9 Only allow lowercase literals in STRICT mode 2013-11-14 21:13:32 +00:00
Eric Haszlakiewicz
51993c28c2 Added a json_object_new_double_s() convenience function to allow an exact string representation of a double to be specified when creating the object and use it in json_tokener_parse_ex() so a re-serialized object more exactly matches the input. 
Add json_object_free_userdata() and json_object_userdata_to_json_string() too.
 2013-09-11 20:27:39 -05:00
Eric Haszlakiewicz
ef43fe3571 Merge pull request #96 from rouault/remove_strdnup 
Remove redefinition of strndup() which is no longer used in the codebase
 2013-09-08 13:35:28 -07:00
Eric Haszlakiewicz
02aa6f01f4 Merge pull request #94 from remicollet/issue-strict2 
more strictness
 2013-09-08 13:29:05 -07:00
Even Rouault
86dd55a74a Fix potential out-of-bounds read in json_tokener_error_desc 
Found by Coverity. The number of elements of an array 'ar' is found by
sizeof(ar)/sizeof(ar[0]) and not sizeof(ar)

76const char *json_tokener_error_desc(enum json_tokener_error jerr)
 77{
 78        int jerr_int = (int)jerr;

1. Condition "jerr_int < 0", taking false branch

2. Condition "jerr_int > 112 /* (int)sizeof (gdal_json_tokener_errors) */", taking false branch
 79        if (jerr_int < 0 || jerr_int > (int)sizeof(json_tokener_errors))
 80                return "Unknown error, invalid json_tokener_error value passed to json_tokener_error_desc()";

CID 1076806 (#1 of 1): Out-of-bounds read (OVERRUN)3. overrun-local: Overrunning array "gdal_json_tokener_errors" of 14 8-byte elements at element index 112 (byte offset 896) using index "jerr" (which evaluates to 112).
 81        return json_tokener_errors[jerr];
 82}
 2013-09-08 11:31:38 +02:00
Remi Collet
4039f91cab trailing char not allowed in strict mode 2013-08-23 13:40:01 +02:00
Remi Collet
87fa32dfe0 no comment in strict mode 2013-08-21 15:41:40 +02:00
Even Rouault
1a957c2edc Remove redefinition of strndup() which is no longer used in the codebase 2013-08-12 20:49:19 +02:00
Remi Collet
a07ef3d197 no single-quote string in strict mode 2013-08-06 10:41:14 +02:00
Eric Haszlakiewicz
d032aad1f4 Minor spell check. 2013-06-19 09:14:19 -05:00
Remi Collet
e9ee4ae18a in strick mode, number must not start with 0 2013-06-13 13:40:01 +02:00
Eric Haszlakiewicz
e8161a11bb Issue #15: add a way to set a JSON_TOKENER_STRICT flag to forbid commas at the end of arrays and objects. 2013-03-31 20:05:36 -05:00
William Dignazio
32eddd66f5 Fix broken build by using ADVANCE_CHAR macro return. 
We forget to check or use the return value of the ADVANCE_CHAR macro,
and upon compilation an error is thrown because of its lack of use. This
patch checks to see if the macro was successful, and if not replaces the
offending character with a replacement.
 2013-03-06 20:18:14 -05:00
William Dignazio
bb492d4d69 Rename misnomer POP_CHAR to PEEK_CHAR. 
While parsing token data, we use the POP_CHAR macro to 'peek' at
character data. This behaviour is noted in the comments for the macro,
yet the definition is left as 'pop'. Changing to PEEK_CHAR does not
imply that the character being observed is removed.
 2013-03-06 12:29:33 -05:00
Eric Haszlakiewicz
5b36a432c8 Merge branch 'remicollet-issue-float' 
Conflicts:
	json_util.c
 2013-02-26 21:09:10 -06:00
Eric Haszlakiewicz
ca8b27d183 Enable -Werror and fix a number of minor warnings that existed. 2013-02-09 16:35:24 -06:00
Eric Haszlakiewicz
56166e2dff Merge pull request #51 from remicollet/issue-dyndepth 
Make maximum recursion depth a runtime option
 2012-12-23 08:39:46 -08:00
Remi Collet
a01b659ace move locale change to be global for perf 2012-12-13 09:47:33 +01:00
Eric Haszlakiewicz
4e4af93d66 Fix issue #53 - ensure explicit length string are still NUL terminated, and fix json_tokener_parse() to work properly with embedded unicode \u0000 values in strings. 
Adjust test_null to check for this case.
See also http://bugs.debian.org/687269
 2012-12-09 16:32:11 -06:00
Remi Collet
16a4a32e29 float parsing must be locale independent 2012-11-27 11:06:49 +01:00
Remi Collet
197cb1d1c1 Make maximum recursion depth a runtime option 2012-11-27 09:01:45 +01:00
Eric Haszlakiewicz
92f31bd99a Handle the \f escape sequence (the two characters: backslash followed by an f, not a literal formfeed) and extend the test_parse test to check all valid escape sequences. 2012-07-29 12:31:07 -05:00
Mateusz Loskot
a6f39a3c0c Replaced #if HAVE_X with #ifdef HAVE_X as the former test is troublemaker with #define HAVE_X where #define HAVE_X 1|0 is meant. 2012-05-21 23:22:36 +01:00
Eric Haszlakiewicz
f931f61851 Fixed parsing numbers in E notation. ` 2012-04-24 22:17:13 -05:00
Eric Haszlakiewicz
d809fa60c5 Fix a bug in json_tokener_parse_ex when re-using the same tokener to parse multiple objects. Now, json_tokener_reset() does not need to be called after a valid object is parsed. 2012-03-31 22:53:43 -05:00
Eric Haszlakiewicz
3620cba6d0 Perform better error checking in json_tokener_parse_verbose and rewrite json_tokener_parse to use that instead of json_tokener_parse_ex. 
Fix a typo in the string represenations of the json_tokener_error_depth error (s/to deep/too deep/)
 2012-03-31 12:52:59 -05:00
Eric Haszlakiewicz
2f9091f559 Add json_tokener_get_error() and json_tokener_error_desc() to better encapsulate the process of retrieving errors while parsing. 
Add documentation for the json_tokener_parse_ex() function.
 2012-02-22 08:24:40 -06:00
Frederik Deweerdt
db050901fa json_tokener_parse(): avoid possible NULL deref 2012-01-18 17:01:19 -08:00
Jehiah Czebotar
a503ee8217 add json_tokener_parse_verbose, and return NULL on parser errors 
git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@62 327403b1-1117-474d-bef2-5cb71233fd97
 2010-12-08 03:52:07 +00:00
ehaszla
252669cee6 Simplify things by storing integer values only as int64_t's internally, and 
omit the range check during parsing since we already have the checks when
 accessing the value. There is no longer a json_type_int64, only json_type_int.
Fix some problems with parsing 0 and -0 values, and add a couple of tests.
Fix some minor compile issues on HPUX environments.


git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@60 327403b1-1117-474d-bef2-5cb71233fd97
 2010-12-07 18:15:35 +00:00
Michael Clark
c4dceae1c5 * Add int64 support. Two new functions json_object_net_int64 and 
json_object_get_int64. Binary compatibility preserved.
    Eric Haszlakiewicz, EHASZLA at transunion com
    Rui Miguel Silva Seabra, rms at 1407 dot org



git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@56 327403b1-1117-474d-bef2-5cb71233fd97
 2010-10-06 16:39:20 +00:00
Brent Miller
126ad95fc4 * Add handling of surrogate pairs 
git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@53 327403b1-1117-474d-bef2-5cb71233fd97
 2009-08-20 06:50:22 +00:00
Michael Clark
7fb9b03ffd * Rename min and max so we can never clash with C or C++ std library 
Ian Atha, thatha at yahoo-inc dot com



git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@43 327403b1-1117-474d-bef2-5cb71233fd97
 2009-07-25 00:13:44 +00:00
Christopher Watford
b1a22ac85f Add const qualifier to the json_tokener_parse functions 
Eric Haszlakiewicz, EHASZLA at transunion dot com



git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@42 327403b1-1117-474d-bef2-5cb71233fd97
 2009-07-08 04:02:05 +00:00