From a1a8abd0d9fe1410e5b6b08c9b578382b285d99e Mon Sep 17 00:00:00 2001 From: Milo Yip Date: Thu, 26 Jun 2014 23:35:13 +0800 Subject: [PATCH] Add safe checks in parsing compound types. Compound types (object and array) call ParseString() and ParseValue() for key and values. If there is parse errors inside those calls, it should stop continue parsing. Otherwise, it may be possible to continue parsing and calling handler incorrectly. For example, in ["a\u,","b"], \u generates an error (it should follow but 4 hex digits), the parser continues to treat the first comma as element separator, and treat "," as a JSON string and call the handler. It may be unacceptable in the application code. --- include/rapidjson/reader.h | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/include/rapidjson/reader.h b/include/rapidjson/reader.h index 0806d96..4a184c0 100644 --- a/include/rapidjson/reader.h +++ b/include/rapidjson/reader.h @@ -277,6 +277,9 @@ private: RAPIDJSON_PARSE_ERROR("Name of an object member must be a string", is.Tell()); ParseString(is, handler); + if (HasParseError()) + return; + SkipWhitespace(is); if (is.Take() != ':') @@ -285,6 +288,9 @@ private: SkipWhitespace(is); ParseValue(is, handler); + if (HasParseError()) + return; + SkipWhitespace(is); ++memberCount; @@ -313,6 +319,9 @@ private: for (SizeType elementCount = 0;;) { ParseValue(is, handler); + if (HasParseError()) + return; + ++elementCount; SkipWhitespace(is);