]> granicus.if.org Git - vim/commitdiff
projects / vim / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ff1e879)
patch 8.0.1602: crash in parsing JSON v8.0.1602
authorBram Moolenaar <Bram@vim.org>
Tue, 13 Mar 2018 12:10:41 +0000 (13:10 +0100)
committerBram Moolenaar <Bram@vim.org>
Tue, 13 Mar 2018 12:10:41 +0000 (13:10 +0100)
Problem:    Crash in parsing JSON.
Solution:   Fail when using array or dict as dict key. (Damien)

src/json.c patch | blob | history
src/testdir/test_json.vim patch | blob | history
src/version.c patch | blob | history

diff --git a/src/json.c b/src/json.c
index 6f914ea03dd5fef0676e75c2e6df27056f54c643..e1f40bf652db868ec1d5b616852a0e6455816412 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -621,7 +621,9 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
        if (top_item != NULL && top_item->jd_type == JSON_OBJECT_KEY
                && (options & JSON_JS)
                && reader->js_buf[reader->js_used] != '"'
-               && reader->js_buf[reader->js_used] != '\'')
+               && reader->js_buf[reader->js_used] != '\''
+               && reader->js_buf[reader->js_used] != '['
+               && reader->js_buf[reader->js_used] != '{')
        {
            char_u *key;
 
@@ -642,6 +644,11 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
            switch (*p)
            {
                case '[': /* start of array */
+                   if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+                   {
+                       retval = FAIL;
+                       break;
+                   }
                    if (ga_grow(&stack, 1) == FAIL)
                    {
                        retval = FAIL;
@@ -668,6 +675,11 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
                    continue;
 
                case '{': /* start of object */
+                   if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+                   {
+                       retval = FAIL;
+                       break;
+                   }
                    if (ga_grow(&stack, 1) == FAIL)
                    {
                        retval = FAIL;
diff --git a/src/testdir/test_json.vim b/src/testdir/test_json.vim
index acd2ea85b5d44b690d104cd8d4e4af11efbe7be4..396651e6be8ecc3fa63f3de68abdf8e9be8e5143 100644 (file)
--- a/src/testdir/test_json.vim
+++ b/src/testdir/test_json.vim
@@ -179,6 +179,9 @@ func Test_json_decode()
   call assert_fails('call json_decode("[1 2]")', "E474:")
 
   call assert_fails('call json_decode("[1,,2]")', "E474:")
+
+  call assert_fails('call json_decode("{{}:42}")', "E474:")
+  call assert_fails('call json_decode("{[]:42}")', "E474:")
 endfunc
 
 let s:jsl5 = '[7,,,]'
diff --git a/src/version.c b/src/version.c
index 50422aada7f45158e11ced88624317e7b9058a56..2a537e6b1e52bdf9e056d51251d846d157356eb2 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -766,6 +766,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1602,
 /**/
     1601,
 /**/
Unnamed repository; edit this file 'description' to name the repository.