apr-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From minf...@apache.org
Subject svn commit: r1836028 - in /apr/apr-util/branches/1.7.x: ./ json/apr_json_decode.c
Date Mon, 16 Jul 2018 12:34:50 GMT
Author: minfrin
Date: Mon Jul 16 12:34:50 2018
New Revision: 1836028

URL: http://svn.apache.org/viewvc?rev=1836028&view=rev
Log:
Backport 1836017.

apr_json: strengthen decoding of float and object key.

A float number can't start with a dot, and an object key is a string so we
can avoid parsing any type before failing.

Modified:
    apr/apr-util/branches/1.7.x/   (props changed)
    apr/apr-util/branches/1.7.x/json/apr_json_decode.c

Propchange: apr/apr-util/branches/1.7.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Mon Jul 16 12:34:50 2018
@@ -1,4 +1,4 @@
-/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806,1751898,1752008,1763665,1763667,1763669,1763672-1763673,1763842-1763843,1765378,1772414,1778153,1781391,1782042,1782045,1788335,1789947,1809394,1811470,1820080,1825311,1833359,1833366,1833382,1833421,1833425-1833426,1833440,1833449-1833451,1833456,1
 833525,1833599,1833993,1833995,1834022-1834024,1834551,1835392
+/apr/apr/trunk:781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,998533,1086937,1127053,1127648,1128838,1129433,1133587,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1327636,1340286,1346865,1357761,1357772,1357780,1357966,1357968,1357979,1358295,1358480,1361811,1362241,1362248,1362252,1362255,1363076,1369681,1370626,1371811,1371817,1371919,1371923,1382174,1389154,1389169,1390461,1390477,1402870,1402897,1402903,1402907,1406088,1422413,1425356,1426442,1426448,1438960,1449308,1449314,1460185,1460243-1460244,1462219,1462224,1484271,1493715,1495887,1495889,1496407,1516261,1523479,1529554,1531009,1541054,1543399,1544846,1618843,1619438,1625247,1626561,1648830,1711657,1722547,1728958,1728963,1747941,1751567,1751806,1751898,1752008,1763665,1763667,1763669,1763672-1763673,1763842-1763843,1765378,1772414,1778153,1781391,1782042,1782045,1788335,1789947,1809394,1811470,1820080,1825311,1833359,1833366,1833382,1833421,1833425-1833426,1833440,1833449-1833451,1833456,1
 833525,1833599,1833993,1833995,1834022-1834024,1834551,1835392,1836017
 /apr/apr-util/branches/1.3.x:896410,1154885
 /apr/apr-util/branches/1.4.x:1126217,1211211,1211219,1211223,1211330
 /apr/apr-util/branches/1.5.x:1757430

Modified: apr/apr-util/branches/1.7.x/json/apr_json_decode.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.7.x/json/apr_json_decode.c?rev=1836028&r1=1836027&r2=1836028&view=diff
==============================================================================
--- apr/apr-util/branches/1.7.x/json/apr_json_decode.c (original)
+++ apr/apr-util/branches/1.7.x/json/apr_json_decode.c Mon Jul 16 12:34:50 2018
@@ -34,7 +34,10 @@ typedef struct apr_json_scanner_t {
     int level;
 } apr_json_scanner_t;
 
-static apr_status_t apr_json_decode_value(apr_json_scanner_t * self, apr_json_value_t **
retval);
+static apr_status_t apr_json_decode_space(apr_json_scanner_t * self,
+                                          const char **space);
+static apr_status_t apr_json_decode_value(apr_json_scanner_t * self,
+                                          apr_json_value_t ** retval);
 
 /* stolen from mod_mime_magic.c :) */
 /* Single hex char to int; -1 if not a hex char. */
@@ -468,19 +471,30 @@ static apr_status_t apr_json_decode_obje
             break;
         }
 
-        if ((status = apr_json_decode_value(self, &key)))
+        key = apr_json_value_create(self->pool);
+        if ((status = apr_json_decode_space(self, &key->pre)))
             goto out;
 
-        if (key->type != APR_JSON_STRING) {
+        if (self->p == self->e) {
+            status = APR_EOF;
+            goto out;
+        }
+        if (*self->p != '"') {
             status = APR_BADCH;
             goto out;
         }
 
+        key->type = APR_JSON_STRING;
+        if ((status = apr_json_decode_string(self, &key->value.string)))
+            goto out;
+
+        if ((status = apr_json_decode_space(self, &key->post)))
+            goto out;
+
         if (self->p == self->e) {
             status = APR_EOF;
             goto out;
         }
-
         if (*self->p != ':') {
             status = APR_BADCH;
             goto out;
@@ -553,13 +567,6 @@ static apr_status_t apr_json_decode_numb
                 return APR_EOF;
             c = *(unsigned char *)p;
         }
-        if (c == '.') {
-            p++;
-            if (p >= e)
-                return APR_EOF;
-            c = *(unsigned char *)p;
-            treat_as_float = 1;
-        }
         if (!isdigit(c)) {
             status = APR_BADCH;
             goto out;
@@ -771,8 +778,10 @@ static apr_status_t apr_json_decode_valu
     }
 
     if (status == APR_SUCCESS) {
-        *retval = apr_json_value_create(self->pool);
-        **retval = value;
+        *retval = apr_pmemdup(self->pool, &value, sizeof(value));
+    }
+    else {
+        *retval = NULL;
     }
     return status;
 }



Mime
View raw message