diff options
| author | drh <> | 2024-01-20 12:13:00 +0000 |
|---|---|---|
| committer | drh <> | 2024-01-20 12:13:00 +0000 |
| commit | 777a08893bd08bfed6fc09e498912fb63d974d83 (patch) | |
| tree | 9a422fa4f2b30c859dbbf44a233acda61f23b07e /src/json.c | |
| parent | a74a7f5b9e6e9beaf69ae23ff90296d3948d7dd7 (diff) | |
| download | sqlite-777a08893bd08bfed6fc09e498912fb63d974d83.tar.gz sqlite-777a08893bd08bfed6fc09e498912fb63d974d83.zip | |
When backing out a character in a constructed string in JSON, first make sure
the string has not been reset by on OOM.
dbsqlfuzz 2fffbea91a5376526ea118d4fe4188c8dd35e317.
FossilOrigin-Name: 666690eb433fe38fa527ccbbb8e2c00041a33939da4f6b8bfb737d664f28f0d8
Diffstat (limited to 'src/json.c')
| -rw-r--r-- | src/json.c | 24 |
1 files changed, 17 insertions, 7 deletions
diff --git a/src/json.c b/src/json.c index 97cf5fe28..d33692466 100644 --- a/src/json.c +++ b/src/json.c @@ -589,6 +589,16 @@ static void jsonAppendChar(JsonString *p, char c){ } } +/* Remove a single character from the end of the string +*/ +static void jsonStringTrimOneChar(JsonString *p){ + if( p->eErr==0 ){ + assert( p->nUsed>0 ); + p->nUsed--; + } +} + + /* Make sure there is a zero terminator on p->zBuf[] ** ** Return true on success. Return false if an OOM prevents this @@ -596,7 +606,7 @@ static void jsonAppendChar(JsonString *p, char c){ */ static int jsonStringTerminate(JsonString *p){ jsonAppendChar(p, 0); - p->nUsed--; + jsonStringTrimOneChar(p); return p->eErr==0; } @@ -2261,7 +2271,7 @@ static u32 jsonTranslateBlobToText( j = jsonTranslateBlobToText(pParse, j, pOut); jsonAppendChar(pOut, ','); } - if( sz>0 ) pOut->nUsed--; + if( sz>0 ) jsonStringTrimOneChar(pOut); jsonAppendChar(pOut, ']'); break; } @@ -2275,7 +2285,7 @@ static u32 jsonTranslateBlobToText( jsonAppendChar(pOut, (x++ & 1) ? ',' : ':'); } if( x & 1 ) pOut->eErr |= JSTRING_MALFORMED; - if( sz>0 ) pOut->nUsed--; + if( sz>0 ) jsonStringTrimOneChar(pOut); jsonAppendChar(pOut, '}'); break; } @@ -4403,7 +4413,7 @@ static void jsonArrayCompute(sqlite3_context *ctx, int isFinal){ if( isFinal ){ if( !pStr->bStatic ) sqlite3RCStrUnref(pStr->zBuf); }else{ - pStr->nUsed--; + jsonStringTrimOneChar(pStr); } return; }else if( isFinal ){ @@ -4413,7 +4423,7 @@ static void jsonArrayCompute(sqlite3_context *ctx, int isFinal){ pStr->bStatic = 1; }else{ sqlite3_result_text(ctx, pStr->zBuf, (int)pStr->nUsed, SQLITE_TRANSIENT); - pStr->nUsed--; + jsonStringTrimOneChar(pStr); } }else{ sqlite3_result_text(ctx, "[]", 2, SQLITE_STATIC); @@ -4523,7 +4533,7 @@ static void jsonObjectCompute(sqlite3_context *ctx, int isFinal){ if( isFinal ){ if( !pStr->bStatic ) sqlite3RCStrUnref(pStr->zBuf); }else{ - pStr->nUsed--; + jsonStringTrimOneChar(pStr); } return; }else if( isFinal ){ @@ -4533,7 +4543,7 @@ static void jsonObjectCompute(sqlite3_context *ctx, int isFinal){ pStr->bStatic = 1; }else{ sqlite3_result_text(ctx, pStr->zBuf, (int)pStr->nUsed, SQLITE_TRANSIENT); - pStr->nUsed--; + jsonStringTrimOneChar(pStr); } }else{ sqlite3_result_text(ctx, "{}", 2, SQLITE_STATIC); |