authortommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-30 21:11:54 +0000
committertommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-05-30 21:11:54 +0000
commit83b02bf3c0e655b8a2a19fa7318720f97c355c00 (patch)
tree275432c07c3b889b2819cb4b3e3bd9bad686a6be /base
parentb6791a77ae5c2eec843b8c9b4ad3d9fa9c11fda7 (diff)
Fix a bug in the JSON parser where a 4-byte UTF-8 character caused us to read past the end of an unterminated stack buffer.
BUG=128737 Review URL: https://chromiumcodereview.appspot.com/10458002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139634 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r--base/json/json_parser.cc4
-rw-r--r--base/json/json_parser_unittest.cc13
2 files changed, 16 insertions, 1 deletions
diff --git a/base/json/json_parser.cc b/base/json/json_parser.cc
index 10f1203..0fd5202 100644
--- a/base/json/json_parser.cc
+++ b/base/json/json_parser.cc
@@ -801,7 +801,9 @@ void JSONParser::DecodeUTF8(const int32& point, StringBuilder* dest) {
int offset = 0;
CBU8_APPEND_UNSAFE(utf8_units, offset, point);
dest->Convert();
- dest->AppendString(utf8_units);
+ // CBU8_APPEND_UNSAFE can overwrite up to 4 bytes, so utf8_units may not be
+ // zero terminated at this point. |offset| contains the correct length.
+ dest->AppendString(std::string(utf8_units, offset));
}
}
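Review bot: The bounded copy in `dest->AppendString(std::string(utf8_units, offset));` only closes the over-read if `utf8_units`, which is declared above the hunk, holds at least CBU8_MAX_LENGTH bytes and `point` is a valid Unicode scalar value; CBU8_APPEND_UNSAFE performs no range check, so a negative, out-of-range or surrogate `point` would still write past the buffer or emit ill-formed UTF-8. If the callers do not already guarantee this (they are not visible from the hunk), enforce and document the precondition before the macro, e.g. `DCHECK_GE(point, 0); DCHECK_LE(point, 0x10FFFF);`, with a one-line comment on DecodeUTF8 stating that `point` must be a validated code point. DecodeUTF8's body begins before this hunk.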
diff --git a/base/json/json_parser_unittest.cc b/base/json/json_parser_unittest.cc
index 206ef4c..8ee886b 100644
--- a/base/json/json_parser_unittest.cc
+++ b/base/json/json_parser_unittest.cc
@@ -289,5 +289,18 @@ TEST_F(JSONParserTest, ErrorMessages) {
EXPECT_EQ(JSONReader::JSON_INVALID_ESCAPE, error_code);
}
+TEST_F(JSONParserTest, Decode4ByteUtf8Char) {
+ // This test strings contains a 4 byte unicode character (a smiley!) that the
+ // reader should be able to handle (the character is \xf0\x9f\x98\x87).
+ const char kUtf8Data[] =
+ "[\"😇\",[],[],[],{\"google:suggesttype\":[]}]";
+ std::string error_message;
+ int error_code = 0;
+ scoped_ptr<Value> root(
+ JSONReader::ReadAndReturnError(kUtf8Data, JSON_PARSE_RFC, &error_code,
+ &error_message));
+ EXPECT_TRUE(root.get()) << error_message;
+}
+
} // namespace internal
} // namespace base
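Review bot: `EXPECT_TRUE(root.get())` only proves that parsing did not fail, which the unfixed code could also satisfy while reading past the stack buffer, so the test should also assert that the first element decodes to exactly the four bytes `\xf0\x9f\x98\x87`. Writing the character as hex escapes in `kUtf8Data` rather than a raw UTF-8 literal also removes the dependence on the compiler's source-encoding handling, which the comment on the test already hints at by spelling out the bytes. If the `\u` surrogate-pair escape path also reaches DecodeUTF8 with a 4-byte code point (not visible here), a second case for `"\uD83D\uDE07"` would cover it.
```cpp
  const char kUtf8Data[] =
      "[\"\xf0\x9f\x98\x87\",[],[],[],{\"google:suggesttype\":[]}]";
  // … unchanged: ReadAndReturnError call and EXPECT_TRUE(root.get()) …
  ListValue* list = NULL;
  ASSERT_TRUE(root->GetAsList(&list));
  std::string decoded;
  ASSERT_TRUE(list->GetString(0, &decoded));
  EXPECT_EQ("\xf0\x9f\x98\x87", decoded);
```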