Fixing json parsing issues detected by libfuzz.

9 years ago · c90886096a
parent 921f4b0a6e
commit c90886096a
2 changed files with 17 additions and 2 deletions
--- a/src/core/json/json_reader.c
+++ b/src/core/json/json_reader.c
@ -280,13 +280,14 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
            break;

          case GRPC_JSON_STATE_OBJECT_KEY_STRING:
-            GPR_ASSERT(reader->unicode_high_surrogate == 0);
+            if (reader->unicode_high_surrogate != 0)
+              return GRPC_JSON_PARSE_ERROR;
            if (c == '"') {
              reader->state = GRPC_JSON_STATE_OBJECT_KEY_END;
              json_reader_set_key(reader);
              json_reader_string_clear(reader);
            } else {
-              if (c <= 0x001f) return GRPC_JSON_PARSE_ERROR;
+              if (c < 32) return GRPC_JSON_PARSE_ERROR;
              json_reader_string_add_char(reader, c);
            }
            break;
@ -362,6 +363,8 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
                reader->in_object = 0;
                reader->in_array = 1;
                break;
+              default:
+                return GRPC_JSON_PARSE_ERROR;
            }
            break;

--- a/test/core/json/json_test.c
+++ b/test/core/json/json_test.c
@ -64,6 +64,7 @@ static testing_pair testing_pairs[] = {
    /* Testing UTF-8 character "𝄞", U+11D1E. */
    {"\"\xf0\x9d\x84\x9e\"", "\"\\ud834\\udd1e\""},
    {"\"\\ud834\\udd1e\"", "\"\\ud834\\udd1e\""},
+    {"{\"\\ud834\\udd1e\":0}", "{\"\\ud834\\udd1e\":0}"},
    /* Testing nested empty containers. */
    {
     " [ [ ] , { } , [ ] ] ", "[[],{},[]]",
@ -85,20 +86,31 @@ static testing_pair testing_pairs[] = {
    /* Testing plain invalid things, exercising the state machine. */
    {"\\", NULL},
    {"nu ll", NULL},
+    {"{\"foo\": bar}", NULL},
+    {"{\"foo\": bar\"x\"}", NULL},
    {"fals", NULL},
    /* Testing unterminated string. */
    {"\"\\x", NULL},
    /* Testing invalid UTF-16 number. */
    {"\"\\u123x", NULL},
+    {"{\"\\u123x", NULL},
    /* Testing imbalanced surrogate pairs. */
    {"\"\\ud834f", NULL},
+    {"{\"\\ud834f\":0}", NULL},
    {"\"\\ud834\\n", NULL},
+    {"{\"\\ud834\\n\":0}", NULL},
    {"\"\\udd1ef", NULL},
+    {"{\"\\udd1ef\":0}", NULL},
    {"\"\\ud834\\ud834\"", NULL},
+    {"{\"\\ud834\\ud834\"\":0}", NULL},
    {"\"\\ud834\\u1234\"", NULL},
+    {"{\"\\ud834\\u1234\"\":0}", NULL},
    {"\"\\ud834]\"", NULL},
+    {"{\"\\ud834]\"\":0}", NULL},
    {"\"\\ud834 \"", NULL},
+    {"{\"\\ud834 \"\":0}", NULL},
    {"\"\\ud834\\\\\"", NULL},
+    {"{\"\\ud834\\\\\"\":0}", NULL},
    /* Testing embedded invalid whitechars. */
    {"\"\n\"", NULL},
    {"\"\t\"", NULL},