author | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-30 21:11:54 +0000 |
---|---|---|
committer | tommi@chromium.org <tommi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-05-30 21:11:54 +0000 |
commit | 83b02bf3c0e655b8a2a19fa7318720f97c355c00 (patch) | |
tree | 275432c07c3b889b2819cb4b3e3bd9bad686a6be /base | |
parent | b6791a77ae5c2eec843b8c9b4ad3d9fa9c11fda7 (diff) | |
Fix a bug in json parser where a 4 byte unicode character caused us to read an unterminated string from the stack.
BUG=128737
Review URL: https://chromiumcodereview.appspot.com/10458002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139634 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r-- | base/json/json_parser.cc | 4 | ||||
-rw-r--r-- | base/json/json_parser_unittest.cc | 13 |
2 files changed, 16 insertions, 1 deletions
diff --git a/base/json/json_parser.cc b/base/json/json_parser.cc
index 10f1203..0fd5202 100644
--- a/base/json/json_parser.cc
+++ b/base/json/json_parser.cc
@@ -801,7 +801,9 @@ void JSONParser::DecodeUTF8(const int32& point, StringBuilder* dest) {
 int offset = 0;
 CBU8_APPEND_UNSAFE(utf8_units, offset, point);
 dest->Convert();
- dest->AppendString(utf8_units);
+ // CBU8_APPEND_UNSAFE can overwrite up to 4 bytes, so utf8_units may not be
+ // zero terminated at this point. |offset| contains the correct length.
+ dest->AppendString(std::string(utf8_units, offset));
 }
 }
diff --git a/base/json/json_parser_unittest.cc b/base/json/json_parser_unittest.cc
index 206ef4c..8ee886b 100644
--- a/base/json/json_parser_unittest.cc
+++ b/base/json/json_parser_unittest.cc
@@ -289,5 +289,18 @@ TEST_F(JSONParserTest, ErrorMessages) {
 EXPECT_EQ(JSONReader::JSON_INVALID_ESCAPE, error_code);
 }
+TEST_F(JSONParserTest, Decode4ByteUtf8Char) {
+ // This test strings contains a 4 byte unicode character (a smiley!) that the
+ // reader should be able to handle (the character is \xf0\x9f\x98\x87).
+ const char kUtf8Data[] =
+ "[\"😇\",[],[],[],{\"google:suggesttype\":[]}]";
+ std::string error_message;
+ int error_code = 0;
+ scoped_ptr<Value> root(
+ JSONReader::ReadAndReturnError(kUtf8Data, JSON_PARSE_RFC, &error_code,
+ &error_message));
+ EXPECT_TRUE(root.get()) << error_message;
+}
+
 } // namespace internal
 } // namespace base |
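Review bot: In JSONParser::DecodeUTF8 (base/json/json_parser.cc) the new `std::string(utf8_units, offset)` is only safe while `offset` stays within the buffer, and nothing in the hunk checks that. CBU8_APPEND_UNSAFE is the unchecked variant and, per the added comment, can write up to 4 bytes. The bound therefore depends on the declared size of `utf8_units` and on `point` having been validated earlier, and both of those sit above the hunk. A guard before the append would make the assumption explicit: `DCHECK_LE(offset, static_cast<int>(sizeof(utf8_units)));`. Sizing the buffer from the macro's documented maximum rather than a literal would also keep the two from drifting apart.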
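Review bot: Decode4ByteUtf8Char (base/json/json_parser_unittest.cc) only asserts that parsing succeeds. The pre-fix code probably also succeeded whenever the stray stack bytes happened to be followed by a NUL, so without a memory checker the over-read this commit fixes could come back unnoticed. Compare the decoded string against the four expected bytes so that any trailing garbage fails the test, and use an ASSERT on `root` so the follow-up calls cannot dereference null. Spelling the character as `\xF0\x9F\x98\x87` in the literal, as the comment already does, would also keep the test independent of the source file's encoding.

```cpp
  // … unchanged: kUtf8Data, error_message, error_code, ReadAndReturnError call …
  ASSERT_TRUE(root.get()) << error_message;
  // Pin the decoded bytes: trailing garbage from an over-read must fail here.
  ListValue* list = NULL;
  ASSERT_TRUE(root->GetAsList(&list));
  std::string decoded;
  ASSERT_TRUE(list->GetString(0, &decoded));
  EXPECT_EQ("\xF0\x9F\x98\x87", decoded);
```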