Ensure that the label for a JSON object really is a string and not an array

or object that just happens to end with a string. dbsqfuzz 32f62ed8676d0a153dbe756aeae3202d3670fe50. FossilOrigin-Name: c335737c2889722ea05b732a5efff8a2f31140c18ca038c41e05c2a26e0db5bd
author: drh <> 2023-05-08 11:11:08 +0000
committer: drh <> 2023-05-08 11:11:08 +0000
commit: c42bbfc550233cb8888ac8754b9d3c3cb9778928 (patch)
tree: 106fd8111a464cc5e74a2e630df92c037f502a19 /src/json.c
parent: 6d841fdc8946675ee95aa3a0930159f4f9936ec1 (diff)
download: sqlite-c42bbfc550233cb8888ac8754b9d3c3cb9778928.tar.gz
sqlite-c42bbfc550233cb8888ac8754b9d3c3cb9778928.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/src/json.c b/src/json.c
index f3a24d6df..8735634c8 100644
--- a/src/json.c
+++ b/src/json.c
@@ -1085,6 +1085,7 @@ json_parse_restart:
       return -1;
     }
     for(j=i+1;;j++){
+      u32 nNode = pParse->nNode;
       x = jsonParseValue(pParse, j);
       if( x<=0 ){
         if( x==(-2) ){
@@ -1111,7 +1112,7 @@ json_parse_restart:
         }
       }
       if( pParse->oom ) return -1;
-      pNode = &pParse->aNode[pParse->nNode-1];
+      pNode = &pParse->aNode[nNode];
       if( pNode->eType!=JSON_STRING ){
         pParse->iErr = j;
         return -1;
author	drh <>	2023-05-08 11:11:08 +0000
committer	drh <>	2023-05-08 11:11:08 +0000
commit	c42bbfc550233cb8888ac8754b9d3c3cb9778928 (patch)
tree	106fd8111a464cc5e74a2e630df92c037f502a19 /src/json.c
parent	6d841fdc8946675ee95aa3a0930159f4f9936ec1 (diff)
download	sqlite-c42bbfc550233cb8888ac8754b9d3c3cb9778928.tar.gz sqlite-c42bbfc550233cb8888ac8754b9d3c3cb9778928.zip