diff options
| author | drh <> | 2023-10-10 18:42:08 +0000 |
|---|---|---|
| committer | drh <> | 2023-10-10 18:42:08 +0000 |
| commit | 59ded6b5f112793ff67957b731ab26e2eefa6dd8 (patch) | |
| tree | 0356c259a8fb1638499a348946ac68b5925665c4 /src/json.c | |
| parent | d88f378c7d316a9523485504b31705ca1040e2fe (diff) | |
| download | sqlite-59ded6b5f112793ff67957b731ab26e2eefa6dd8.tar.gz sqlite-59ded6b5f112793ff67957b731ab26e2eefa6dd8.zip | |
Improved robustness when translating corrupt JSONB into JSON text.
FossilOrigin-Name: 0caa320d9099adbaf98e3719003dbdc4d158abcb3d8a1af20fbcd4c08c970f4a
Diffstat (limited to 'src/json.c')
| -rw-r--r-- | src/json.c | 22 |
1 files changed, 17 insertions, 5 deletions
diff --git a/src/json.c b/src/json.c index 2d68aef11..a8f0049e7 100644 --- a/src/json.c +++ b/src/json.c @@ -3353,7 +3353,10 @@ static u32 jsonXlateBlobToText( for(k=0; k<sz2 && zIn[k]!='\\'; k++){} if( k>0 ){ jsonAppendRawNZ(pOut, zIn, k); - if( sz2<=k ) break; + if( sz2<=k ){ + pOut->eErr |= JSTRING_MALFORMED; + break; + } zIn += k; sz2 -= k; } @@ -3369,6 +3372,7 @@ static u32 jsonXlateBlobToText( jsonAppendRawNZ(pOut, "\\u00", 4); jsonAppendRawNZ(pOut, &zIn[2], 2); if( sz2<2 ){ + pOut->eErr |= JSTRING_MALFORMED; sz2 = 0; }else{ zIn += 2; @@ -3387,9 +3391,14 @@ static u32 jsonXlateBlobToText( case '\n': break; case 0xe2: - assert( sz2>=4 ); - assert( 0x80==(u8)zIn[2] ); - assert( 0xa8==(u8)zIn[3] || 0xa9==(u8)zIn[3] ); + if( sz2<4 + || 0x80!=(u8)zIn[2] + || (0xa8!=(u8)zIn[3] && 0xa9!=(u8)zIn[3]) + ){ + pOut->eErr |= JSTRING_MALFORMED; + k = sz2; + break; + } zIn += 2; sz2 -= 2; break; @@ -3397,7 +3406,10 @@ static u32 jsonXlateBlobToText( jsonAppendRawNZ(pOut, zIn, 2); break; } - if( sz2<2 ) break; + if( sz2<2 ){ + pOut->eErr |= JSTRING_MALFORMED; + break; + } zIn += 2; sz2 -= 2; } |