From 71374e737570af27a57aad4c688389ca331f1349 Mon Sep 17 00:00:00 2001
From: Vignesh Babu
Date: Wed, 24 Nov 2021 23:48:42 +0000
Subject: [PATCH] accounting for un-matched utf8 bytes in json parsing (#28203)
---
 src/core/lib/json/json_reader.cc | 10 ++++++++++
 test/core/json/corpus/testcase-4778708900904960 | 1 +
 2 files changed, 11 insertions(+)
 create mode 100644 test/core/json/corpus/testcase-4778708900904960
diff --git a/src/core/lib/json/json_reader.cc b/src/core/lib/json/json_reader.cc
index a82577da064..bdd749fbd88 100644
--- a/src/core/lib/json/json_reader.cc
+++ b/src/core/lib/json/json_reader.cc
@@ -471,6 +471,11 @@ JsonReader::Status JsonReader::Run() {
 }
 if (c == '"') {
 state_ = State::GRPC_JSON_STATE_OBJECT_KEY_END;
+ // Once the key is parsed, there should no un-matched utf8
+ // encoded bytes.
+ if (utf8_bytes_remaining_ != 0) {
+ return Status::GRPC_JSON_PARSE_ERROR;
+ }
 SetKey();
 } else {
 if (c < 32) return Status::GRPC_JSON_PARSE_ERROR;
@@ -484,6 +489,11 @@ JsonReader::Status JsonReader::Run() {
 }
 if (c == '"') {
 state_ = State::GRPC_JSON_STATE_VALUE_END;
+ // Once the value is parsed, there should no un-matched utf8
+ // encoded bytes.
+ if (utf8_bytes_remaining_ != 0) {
+ return Status::GRPC_JSON_PARSE_ERROR;
+ }
 SetString();
 } else {
 if (c < 32) return Status::GRPC_JSON_PARSE_ERROR;
diff --git a/test/core/json/corpus/testcase-4778708900904960 b/test/core/json/corpus/testcase-4778708900904960
new file mode 100644
index 00000000000..affab5d3258
--- /dev/null
+++ b/test/core/json/corpus/testcase-4778708900904960
@@ -0,0 +1 @@
+"Ü"
\ No newline at end of file
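Review bot: In the key branch `state_` is already set to `GRPC_JSON_STATE_OBJECT_KEY_END` when the new check returns `GRPC_JSON_PARSE_ERROR`, so a rejected input leaves the reader recording a completed key. The value branch in the second hunk has the same ordering with `GRPC_JSON_STATE_VALUE_END`. This is probably harmless if the reader is discarded after an error, but that cannot be confirmed from the hunk. Validating first is cheaper to reason about: put `if (utf8_bytes_remaining_ != 0) return Status::GRPC_JSON_PARSE_ERROR;` above the `state_ = ...` assignment in both places. The comment would read better as `// A closing quote must not arrive in the middle of a multi-byte UTF-8 sequence.`, since the current wording drops a verb ("there should no"). The body of `Run()` starts and ends outside the hunk.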
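Review bot: Only this value branch gets a regression input, because the added corpus file is a bare top-level string and so never reaches the identical check in the object-key branch of the first hunk. A second corpus entry or unit test with an incomplete lead byte inside an object key would pin that path too, for example the constructed sample `{"<0xC3>":0}`, where `<0xC3>` is the single raw byte. The branch that closes just above `if (c == '"')` is not visible here. If it handles `\` escapes, confirm that an escape starting while `utf8_bytes_remaining_ != 0` is rejected as well, otherwise a truncated sequence followed by an escape might still be accepted.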