Fix segfault in json ignoring of invalid UTF8

author Jakub Zelenka <bukka@php.net>

Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)

committer Jakub Zelenka <bukka@php.net>

Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)
author Jakub Zelenka <bukka@php.net>
Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)
committer Jakub Zelenka <bukka@php.net>
Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)
diff --git a/ext/json/json_scanner.c b/ext/json/json_scanner.c

index 462a99d0136c525f902866bfc030f176eee7d555..786f3027d9a032215fa502c4b3b05f28f76a7de8 100644 (file)
--- a/ext/json/json_scanner.c
+++ b/ext/json/json_scanner.c
@@ -292,6 +292,7 @@ yy14:
                         {
                 s->str_start = s->cursor;
                 s->str_esc = 0;
+               s->utf8_invalid_count = 0;
                 PHP_JSON_CONDITION_SET_AND_GOTO(STR_P1);
         }
  yy16:
diff --git a/ext/json/json_scanner.re b/ext/json/json_scanner.re

index d26e035481100f2a9149011b4fe5a6648ad24edc..e87790ac769cc084daa1123f69fec161160fe499 100644 (file)
--- a/ext/json/json_scanner.re
+++ b/ext/json/json_scanner.re
@@ -209,6 +209,7 @@ std:
         <JS>["]                  {
                 s->str_start = s->cursor;
                 s->str_esc = 0;
+               s->utf8_invalid_count = 0;
                 PHP_JSON_CONDITION_SET_AND_GOTO(STR_P1);
         }
         <JS>CTRL                 {
diff --git a/ext/json/tests/json_decode_invalid_utf8.phpt b/ext/json/tests/json_decode_invalid_utf8.phpt

index 725fe9be965bcf987a5eda73ab72374b57414bd6..d92f785424b6dfac77967d59a05d0de40a90269e 100644 (file)
--- a/ext/json/tests/json_decode_invalid_utf8.phpt
+++ b/ext/json/tests/json_decode_invalid_utf8.phpt
@@ -9,11 +9,17 @@ if (!extension_loaded("json")) print "skip";
  function json_decode_invalid_utf8($str) {
         var_dump(json_decode($str));
         var_dump(json_decode($str, true, 512, JSON_INVALID_UTF8_IGNORE));
-       var_dump(bin2hex(json_decode($str, true, 512, JSON_INVALID_UTF8_SUBSTITUTE)));
+       $json = json_decode($str, true, 512, JSON_INVALID_UTF8_SUBSTITUTE);
+       if (is_array($json)) {
+               var_dump(array_map(function($item) { return bin2hex($item); }, $json));
+       } else {
+               var_dump(bin2hex($json));
+       }
  }
  json_decode_invalid_utf8("\"a\xb0b\"");
  json_decode_invalid_utf8("\"a\xd0\xf2b\"");
  json_decode_invalid_utf8("\"\x61\xf0\x80\x80\x41\"");
+json_decode_invalid_utf8("[\"\xc1\xc1\",\"a\"]");
  echo "Done\n";
  ?>
  --EXPECT--
@@ -26,4 +32,17 @@ string(16) "61efbfbdefbfbd62"
  NULL
  string(2) "aA"
  string(22) "61efbfbdefbfbdefbfbd41"
+NULL
+array(2) {
+  [0]=>
+  string(0) ""
+  [1]=>
+  string(1) "a"
+}
+array(2) {
+  [0]=>
+  string(12) "efbfbdefbfbd"
+  [1]=>
+  string(2) "61"
+}
  Done
author	Jakub Zelenka <bukka@php.net>
	Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)
committer	Jakub Zelenka <bukka@php.net>
	Sun, 6 Aug 2017 16:20:31 +0000 (17:20 +0100)
ext/json/json_scanner.c		patch \| blob \| history
ext/json/json_scanner.re		patch \| blob \| history
ext/json/tests/json_decode_invalid_utf8.phpt		patch \| blob \| history