author | bauerb <bauerb@chromium.org> | 2015-07-02 09:20:44 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-07-02 16:21:13 +0000 |
commit | d7de09a486899ae13a4b664947c8b79270fb9240 (patch) | |
tree | 4eb222431b0af63d8a7a87f6e6f2d17f6919854e /base/json | |
parent | 4e132285cadc8875bd8bf5d0078f325562fdd620 (diff) | |
Disallow escaped invalid Unicode characters in JSONParser.
Without this CL, the JSONParser will DCHECK when trying to construct a
StringValue while parsing these characters (see
JSONParserTest.DecodeUnicodeNonCharacter). In a Release build, the parsed
StringValue will contain malformed UTF-8, which could lead to further bugs down
the line.
Review URL: https://codereview.chromium.org/1214993004
Cr-Commit-Position: refs/heads/master@{#337229}
Diffstat (limited to 'base/json')
-rw-r--r-- | base/json/json_parser.cc | 8 | ||||
-rw-r--r-- | base/json/json_parser_unittest.cc | 8 |
2 files changed, 16 insertions, 0 deletions
diff --git a/base/json/json_parser.cc b/base/json/json_parser.cc index 60569fd..9be690a 100644 --- a/base/json/json_parser.cc +++ b/base/json/json_parser.cc @@ -776,11 +776,17 @@ bool JSONParser::DecodeUTF16(std::string* dest_string) { uint32 code_point = CBU16_GET_SUPPLEMENTARY(code_unit16_high, code_unit16_low); + if (!IsValidCharacter(code_point)) + return false; + offset = 0; CBU8_APPEND_UNSAFE(code_unit8, offset, code_point); } else { // Not a surrogate. DCHECK(CBU16_IS_SINGLE(code_unit16_high)); + if (!IsValidCharacter(code_unit16_high)) + return false; + CBU8_APPEND_UNSAFE(code_unit8, offset, code_unit16_high); } @@ -789,6 +795,8 @@ bool JSONParser::DecodeUTF16(std::string* dest_string) { } void JSONParser::DecodeUTF8(const int32& point, StringBuilder* dest) { + DCHECK(IsValidCharacter(point)); + // Anything outside of the basic ASCII plane will need to be decoded from // int32 to a multi-byte sequence. if (point < kExtendedASCIIStart) { diff --git a/base/json/json_parser_unittest.cc b/base/json/json_parser_unittest.cc index f776ddf..d88f9ea 100644 --- a/base/json/json_parser_unittest.cc +++ b/base/json/json_parser_unittest.cc @@ -313,5 +313,13 @@ TEST_F(JSONParserTest, Decode4ByteUtf8Char) { EXPECT_TRUE(root.get()) << error_message; } +TEST_F(JSONParserTest, DecodeUnicodeNonCharacter) { + // Tests Unicode code points (encoded as escaped UTF-16) that are not valid + // characters. + EXPECT_FALSE(JSONReader::Read("[\"\\ufdd0\"]")); + EXPECT_FALSE(JSONReader::Read("[\"\\ufffe\"]")); + EXPECT_FALSE(JSONReader::Read("[\"\\ud83f\\udffe\"]")); +} + } // namespace internal } // namespace base |
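Review bot: The two new `IsValidCharacter` early returns in DecodeUTF16 have no comment saying why a syntactically well-formed `\u` escape is rejected; the reason is only in the commit message. A one-line comment above the first check would keep it next to the code, for example `// Reject code points that are not valid characters; the decoded string would not be valid UTF-8.` The check in the `else` branch can refer to the same reason. DecodeUTF16 starts and ends outside this hunk, so the parser state left behind on these `return false` paths cannot be judged from here.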
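Review bot: `DCHECK(IsValidCharacter(point))` at the top of DecodeUTF8 states the precondition but does not enforce it in builds where DCHECKs are compiled out, which is the configuration the commit message says ends up with malformed UTF-8. The only validation visible in this diff is on the escaped path in DecodeUTF16. If DecodeUTF8 is also reached with code points decoded from unescaped input bytes (its callers are outside the hunk), that path needs the same `IsValidCharacter` check and error return before the call. Otherwise untrusted input would trip the DCHECK in Debug and still produce an invalid string in Release. Documenting the contract would help, for example `// |point| must satisfy IsValidCharacter(); callers validate, this is only checked in DCHECK builds.`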
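Review bot: DecodeUnicodeNonCharacter asserts only rejected inputs, and only in escaped form, so it does not pin the boundaries of the new check. Assuming IsValidCharacter follows the Unicode noncharacter set, `EXPECT_FALSE(JSONReader::Read("[\"\\ufdef\"]"));` and `EXPECT_FALSE(JSONReader::Read("[\"\\uffff\"]"));` would cover the other ends of the two ranges. Positive cases for the adjacent valid code points U+FDCF and U+FDF0 would catch a check that rejects too much. A case feeding the same code points as raw UTF-8 bytes inside the string would show whether the unescaped path is covered by this change or still needs its own check.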