Commit eedc3355 authored by Nicolas Noble's avatar Nicolas Noble Committed by GitHub

Merge pull request #5803 from nicolasnoble/what-the-fuzz

Fixing json parsing issues detected by libfuzz.
parents 1e6e21b7 18c71117
/* /*
* *
* Copyright 2015, Google Inc. * Copyright 2015-2016, Google Inc.
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
...@@ -171,8 +171,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) { ...@@ -171,8 +171,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
switch (reader->state) { switch (reader->state) {
case GRPC_JSON_STATE_OBJECT_KEY_STRING: case GRPC_JSON_STATE_OBJECT_KEY_STRING:
case GRPC_JSON_STATE_VALUE_STRING: case GRPC_JSON_STATE_VALUE_STRING:
if (reader->unicode_high_surrogate != 0) if (reader->unicode_high_surrogate != 0) {
return GRPC_JSON_PARSE_ERROR; return GRPC_JSON_PARSE_ERROR;
}
json_reader_string_add_char(reader, c); json_reader_string_add_char(reader, c);
break; break;
...@@ -289,8 +290,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) { ...@@ -289,8 +290,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
break; break;
case GRPC_JSON_STATE_OBJECT_KEY_STRING: case GRPC_JSON_STATE_OBJECT_KEY_STRING:
if (reader->unicode_high_surrogate != 0) if (reader->unicode_high_surrogate != 0) {
return GRPC_JSON_PARSE_ERROR; return GRPC_JSON_PARSE_ERROR;
}
if (c == '"') { if (c == '"') {
reader->state = GRPC_JSON_STATE_OBJECT_KEY_END; reader->state = GRPC_JSON_STATE_OBJECT_KEY_END;
json_reader_set_key(reader); json_reader_set_key(reader);
...@@ -302,8 +304,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) { ...@@ -302,8 +304,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
break; break;
case GRPC_JSON_STATE_VALUE_STRING: case GRPC_JSON_STATE_VALUE_STRING:
if (reader->unicode_high_surrogate != 0) if (reader->unicode_high_surrogate != 0) {
return GRPC_JSON_PARSE_ERROR; return GRPC_JSON_PARSE_ERROR;
}
if (c == '"') { if (c == '"') {
reader->state = GRPC_JSON_STATE_VALUE_END; reader->state = GRPC_JSON_STATE_VALUE_END;
json_reader_set_string(reader); json_reader_set_string(reader);
...@@ -383,8 +386,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) { ...@@ -383,8 +386,9 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
} else { } else {
reader->state = GRPC_JSON_STATE_VALUE_STRING; reader->state = GRPC_JSON_STATE_VALUE_STRING;
} }
if (reader->unicode_high_surrogate && c != 'u') if (reader->unicode_high_surrogate && c != 'u') {
return GRPC_JSON_PARSE_ERROR; return GRPC_JSON_PARSE_ERROR;
}
switch (c) { switch (c) {
case '"': case '"':
case '/': case '/':
......
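Review bot: The surrogate guards in grpc_json_reader_run are now braced but are still written two different ways and carry no comment: the three string-state checks test `reader->unicode_high_surrogate != 0`, while the one ahead of the escape-character `switch (c)` tests `reader->unicode_high_surrogate && c != 'u'`. Making the last one `if (reader->unicode_high_surrogate != 0 && c != 'u') {` keeps the four sites uniform. A one-line comment at each site would tell the next reader why the parser bails out, for example `/* a pending high surrogate must be followed by a \u escape; reject anything else */`. Whether the following `\u` value is then checked to be a low surrogate is not visible in these hunks, and the function body starts and ends outside them, so that path is worth confirming against the fuzzer inputs that prompted the change.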
/* /*
* *
* Copyright 2015, Google Inc. * Copyright 2015-2016, Google Inc.
* All rights reserved. * All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
......