diff options
| author | drh <> | 2025-05-10 15:53:17 +0000 |
|---|---|---|
| committer | drh <> | 2025-05-10 15:53:17 +0000 |
| commit | 844b457950c1858dca3fc5ed8fb1bda464381a7f (patch) | |
| tree | 8926f912c45892e8c73274ce03fe832c34f5eeaf /src/json.c | |
| parent | 733aff3be84661849b462c8095b105347eb68049 (diff) | |
| download | sqlite-844b457950c1858dca3fc5ed8fb1bda464381a7f.tar.gz sqlite-844b457950c1858dca3fc5ed8fb1bda464381a7f.zip | |
Add enforcement of the obscure JSON5 syntax rule that the \0 escape
sequence must not be followed by a digit.
[forum:/forumpost/c061e87faf7d1c55|Forum post c061e87faf].
FossilOrigin-Name: 83c7477f2b9b0d6cb54cf6b14bf3c8ef4807e4bddc7986d275cf6717da8606b7
Diffstat (limited to 'src/json.c')
| -rw-r--r-- | src/json.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/json.c b/src/json.c index edd1df54f..e1b019d78 100644 --- a/src/json.c +++ b/src/json.c @@ -1756,7 +1756,8 @@ json_parse_restart: || c=='n' || c=='r' || c=='t' || (c=='u' && jsonIs4Hex(&z[j+1])) ){ if( opcode==JSONB_TEXT ) opcode = JSONB_TEXTJ; - }else if( c=='\'' || c=='0' || c=='v' || c=='\n' + }else if( c=='\'' || c=='v' || c=='\n' + || (c=='0' && !sqlite3Isdigit(z[j+1])) || (0xe2==(u8)c && 0x80==(u8)z[j+1] && (0xa8==(u8)z[j+2] || 0xa9==(u8)z[j+2])) || (c=='x' && jsonIs2Hex(&z[j+1])) ){ @@ -2724,7 +2725,10 @@ static u32 jsonUnescapeOneChar(const char *z, u32 n, u32 *piOut){ case 'r': { *piOut = '\r'; return 2; } case 't': { *piOut = '\t'; return 2; } case 'v': { *piOut = '\v'; return 2; } - case '0': { *piOut = 0; return 2; } + case '0': { + *piOut = (n>2 && sqlite3Isdigit(z[2])) ? JSON_INVALID_CHAR : 0; + return 2; + } case '\'': case '"': case '/': |