From e2c6037da387aad05e4f6bd4a8a6267051d6de04 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Sun, 22 Jan 2017 15:56:26 +0100
Subject: [PATCH] patch 8.0.0216: decoding js style json may fail

Problem:    When decoding JSON with a JS style object the JSON test may use a
            NULL pointer. (Coverity)
Solution:   Check for a NULL pointer.
---
 src/json.c      | 12 ++++++++----
 src/json_test.c |  6 ++++++
 src/version.c   |  2 ++
 3 files changed, 16 insertions(+), 4 deletions(-)

diff --git a/src/json.c b/src/json.c
index a9333cf07..fd1b6ec3d 100644
--- a/src/json.c
+++ b/src/json.c
@@ -629,10 +629,13 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
 	    key = p = reader->js_buf + reader->js_used;
 	    while (*p != NUL && *p != ':' && *p > ' ')
 		++p;
-	    cur_item->v_type = VAR_STRING;
-	    cur_item->vval.v_string = vim_strnsave(key, (int)(p - key));
+	    if (cur_item != NULL)
+	    {
+		cur_item->v_type = VAR_STRING;
+		cur_item->vval.v_string = vim_strnsave(key, (int)(p - key));
+		top_item->jd_key = cur_item->vval.v_string;
+	    }
 	    reader->js_used += (int)(p - key);
-	    top_item->jd_key = cur_item->vval.v_string;
 	}
 	else
 	{
@@ -1053,7 +1056,8 @@ json_decode(js_read_T *reader, typval_T *res, int options)
 
 /*
  * Decode the JSON from "reader" to find the end of the message.
- * "options" can be JSON_JS or zero;
+ * "options" can be JSON_JS or zero.
+ * This is only used for testing.
  * Return FAIL if the message has a decoding error.
  * Return MAYBE if the message is truncated, need to read more.
  * This only works reliable if the message contains an object, array or
diff --git a/src/json_test.c b/src/json_test.c
index 74463f3d2..c7779b29a 100644
--- a/src/json_test.c
+++ b/src/json_test.c
@@ -107,6 +107,12 @@ test_decode_find_end(void)
     reader.js_buf = (char_u *)"  {   ";
     assert(json_find_end(&reader, 0) == MAYBE);
 
+    /* JS object with white space */
+    reader.js_buf = (char_u *)"  {  a  :  123  }  ";
+    assert(json_find_end(&reader, JSON_JS) == OK);
+    reader.js_buf = (char_u *)"  {  a  :   ";
+    assert(json_find_end(&reader, JSON_JS) == MAYBE);
+
     /* array without white space */
     reader.js_buf = (char_u *)"[\"a\",123]";
     assert(json_find_end(&reader, 0) == OK);
diff --git a/src/version.c b/src/version.c
index 0e13125c7..a46b13ff3 100644
--- a/src/version.c
+++ b/src/version.c
@@ -764,6 +764,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    216,
 /**/
     215,
 /**/
-- 
2.50.1