Avoid passing (signed char) values directly to isspace(), isalnum() or isdigit() in json1.c. Cast the value to (unsigned char) first.

FossilOrigin-Name: 6713e35b8a8c997aa2717e86ce6dcd63bb993477
author: dan <dan@noemail.net> 2015-09-17 17:21:09 +0000
committer: dan <dan@noemail.net> 2015-09-17 17:21:09 +0000
commit: 2e8f5517f773af80f313f0768a42b24f295d5536 (patch)
tree: 4a2195eb0d8585a74d7f99275ea22fe8f10b4d1f /ext/misc/json1.c
parent: cf346d7a9ceae1d50aad501bbd44d39f6d3204bb (diff)
download: sqlite-2e8f5517f773af80f313f0768a42b24f295d5536.tar.gz
sqlite-2e8f5517f773af80f313f0768a42b24f295d5536.zip
1 files changed, 20 insertions, 12 deletions
diff --git a/ext/misc/json1.c b/ext/misc/json1.c
index ca6021733..b878c0a3e 100644
--- a/ext/misc/json1.c
+++ b/ext/misc/json1.c
@@ -33,6 +33,14 @@ SQLITE_EXTENSION_INIT1
 
 #define UNUSED_PARAM(X)  (void)(X)
 
+/*
+** Versions of isspace(), isalnum() and isdigit() to which it is safe
+** to pass signed char values.
+*/
+#define safe_isspace(x) isspace((unsigned char)(x))
+#define safe_isdigit(x) isdigit((unsigned char)(x))
+#define safe_isalnum(x) isalnum((unsigned char)(x))
+
 /* Unsigned integer types */
 typedef sqlite3_uint64 u64;
 typedef unsigned int u32;
@@ -585,14 +593,14 @@ static int jsonParseValue(JsonParse *pParse, u32 i){
   int iThis;
   int x;
   JsonNode *pNode;
-  while( isspace(pParse->zJson[i]) ){ i++; }
+  while( safe_isspace(pParse->zJson[i]) ){ i++; }
   if( (c = pParse->zJson[i])==0 ) return 0;
   if( c=='{' ){
     /* Parse object */
     iThis = jsonParseAddNode(pParse, JSON_OBJECT, 0, 0);
     if( iThis<0 ) return -1;
     for(j=i+1;;j++){
-      while( isspace(pParse->zJson[j]) ){ j++; }
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
       x = jsonParseValue(pParse, j);
       if( x<0 ){
         if( x==(-2) && pParse->nNode==(u32)iThis+1 ) return j+1;
@@ -603,13 +611,13 @@ static int jsonParseValue(JsonParse *pParse, u32 i){
       if( pNode->eType!=JSON_STRING ) return -1;
       pNode->jnFlags |= JNODE_LABEL;
       j = x;
-      while( isspace(pParse->zJson[j]) ){ j++; }
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
       if( pParse->zJson[j]!=':' ) return -1;
       j++;
       x = jsonParseValue(pParse, j);
       if( x<0 ) return -1;
       j = x;
-      while( isspace(pParse->zJson[j]) ){ j++; }
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
       c = pParse->zJson[j];
       if( c==',' ) continue;
       if( c!='}' ) return -1;
@@ -622,14 +630,14 @@ static int jsonParseValue(JsonParse *pParse, u32 i){
     iThis = jsonParseAddNode(pParse, JSON_ARRAY, 0, 0);
     if( iThis<0 ) return -1;
     for(j=i+1;;j++){
-      while( isspace(pParse->zJson[j]) ){ j++; }
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
       x = jsonParseValue(pParse, j);
       if( x<0 ){
         if( x==(-3) && pParse->nNode==(u32)iThis+1 ) return j+1;
         return -1;
       }
       j = x;
-      while( isspace(pParse->zJson[j]) ){ j++; }
+      while( safe_isspace(pParse->zJson[j]) ){ j++; }
       c = pParse->zJson[j];
       if( c==',' ) continue;
       if( c!=']' ) return -1;
@@ -658,17 +666,17 @@ static int jsonParseValue(JsonParse *pParse, u32 i){
     return j+1;
   }else if( c=='n'
          && strncmp(pParse->zJson+i,"null",4)==0
-         && !isalnum(pParse->zJson[i+4]) ){
+         && !safe_isalnum(pParse->zJson[i+4]) ){
     jsonParseAddNode(pParse, JSON_NULL, 0, 0);
     return i+4;
   }else if( c=='t'
          && strncmp(pParse->zJson+i,"true",4)==0
-         && !isalnum(pParse->zJson[i+4]) ){
+         && !safe_isalnum(pParse->zJson[i+4]) ){
     jsonParseAddNode(pParse, JSON_TRUE, 0, 0);
     return i+4;
   }else if( c=='f'
          && strncmp(pParse->zJson+i,"false",5)==0
-         && !isalnum(pParse->zJson[i+5]) ){
+         && !safe_isalnum(pParse->zJson[i+5]) ){
     jsonParseAddNode(pParse, JSON_FALSE, 0, 0);
     return i+5;
   }else if( c=='-' || (c>='0' && c<='9') ){
@@ -731,7 +739,7 @@ static int jsonParse(
   i = jsonParseValue(pParse, 0);
   if( pParse->oom ) i = -1;
   if( i>0 ){
-    while( isspace(zJson[i]) ) i++;
+    while( safe_isspace(zJson[i]) ) i++;
     if( zJson[i] ) i = -1;
   }
   if( i<=0 ){
@@ -862,11 +870,11 @@ static JsonNode *jsonLookupStep(
       }
       return pNode;
     }
-  }else if( zPath[0]=='[' && isdigit(zPath[1]) ){
+  }else if( zPath[0]=='[' && safe_isdigit(zPath[1]) ){
     if( pRoot->eType!=JSON_ARRAY ) return 0;
     i = 0;
     zPath++;
-    while( isdigit(zPath[0]) ){
+    while( safe_isdigit(zPath[0]) ){
       i = i*10 + zPath[0] - '0';
       zPath++;
     }
author	dan <dan@noemail.net>	2015-09-17 17:21:09 +0000
committer	dan <dan@noemail.net>	2015-09-17 17:21:09 +0000
commit	2e8f5517f773af80f313f0768a42b24f295d5536 (patch)
tree	4a2195eb0d8585a74d7f99275ea22fe8f10b4d1f /ext/misc/json1.c
parent	cf346d7a9ceae1d50aad501bbd44d39f6d3204bb (diff)
download	sqlite-2e8f5517f773af80f313f0768a42b24f295d5536.tar.gz sqlite-2e8f5517f773af80f313f0768a42b24f295d5536.zip