#55 crash parsing invalid JSON string

Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2012-07-14
Created: 2012-07-14
Creator: Anonymous
Private: No

libjson v7.6.1 [MSVC v1600 32bit (x86)] Jul 13 2012, 22:21:35
Compilation options:
JSON_DEBUG JSON_SAFE JSON_STDERROR JSON_PREPARSE
JSON_REF_COUNT JSON_BINARY JSON_ITERATORS

Parsing the (invalid) string: ["foo"
raises a "Debug Assertion Failed!" error in xstring line 78 with the message: string iterator not dereferencable.
It looks like JSONPreparse::isValidArray() is trying to read past the end of the string.

Trying to parse: {"foo"
raises a slightly different exception - string iterator not incrementable.

Discussion

  • Anonymous - 2012-07-14

    It seems this is a "feature" of the Microsoft C++ standard library - http://msdn.microsoft.com/en-us/library/aa985965. Apparently we programmers can't be trusted with our own pointers any more. I had to define both _SECURE_SCL=0 and _HAS_ITERATOR_DEBUGGING=0 and that fixed it, although I'm not sure that is the best solution. It looks like the JSONPreparse code relies on being able to dereference the NULL past the end of the string, but I'm pretty sure that the C++ standard doesn't guarantee that you can do that, so there could potentially be implementations where this would break for real.

     
  • Anonymous - 2012-07-16

    Unfortunately, defining _SECURE_SCL=0 forces the entire project to be compiled with that setting, otherwise the linker complains about symbol mismatches. This might not be acceptable to some projects. I am attaching a patch that catches the two instances that I could find in JSONPreparse where the string is read past the end.

     
  • Anonymous - 2012-07-16

    patch for JSONPreparse.cpp

     
  • Anonymous - 2012-07-16

    Along the same line, trying to parse: ["foo"]#bar will read past the end of the string in JSONWorker.cpp in private_RemoveWhiteSpace() - I get an "Invalid JSON character detected (hi)" message when it reads a garbage char after the NULL. I am attaching another patch that fixes that.

    This method is also using string.data() instead of string.c_str() to get its pointers, but I think there are code paths in it that rely on being able to read a terminating NULL, which only c_str() guarantees.

     
  • Anonymous - 2012-07-16

    patch for JSONWorker.cpp

     
    Last edit: Anonymous 2014-10-15
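Added example, not libjson's code and not either attached patch: a bounds-checked scan over the bracket and string structure of a JSON text that stops on `size()` instead of relying on a terminator past the end of the buffer, which is the defect behind both the JSONPreparse report and the `private_RemoveWhiteSpace()` comment above. It classifies the three inputs from this ticket: `["foo"` and `{"foo"` as truncated, `["foo"]#bar` as trailing garbage. The function names `skipString` and `scanStructure` are assumptions.

```cpp
// Added example, not libjson code: every read is guarded by i < s.size(),
// so a truncated or garbage-suffixed input ends the scan instead of
// dereferencing whatever sits past the end of the buffer.
#include <cctype>
#include <cstddef>
#include <string>

enum ScanResult { SCAN_OK, SCAN_TRUNCATED, SCAN_TRAILING_GARBAGE, SCAN_MISMATCH };

// Skips a JSON string whose opening quote is at s[i]. Returns the index just
// past the closing quote, or std::string::npos if the text ends first.
std::size_t skipString(const std::string& s, std::size_t i) {
    ++i;                                   // step over the opening quote
    while (i < s.size()) {                 // bound check, not "look for '\0'"
        if (s[i] == '\\') { i += 2; continue; }   // skip the escaped character
        if (s[i] == '"') return i + 1;
        ++i;
    }
    return std::string::npos;              // ["foo : closing quote never arrived
}

// Checks bracket nesting and string termination of one top-level container.
// Scalars, commas and colons are stepped over, not validated.
ScanResult scanStructure(const std::string& s) {
    if (s.empty()) return SCAN_TRUNCATED;
    std::string closers;                   // stack of closing brackets still owed
    bool opened = false;
    for (std::size_t i = 0; i < s.size();) {
        const char c = s[i];
        if (opened && closers.empty()) {   // container already closed
            if (!std::isspace(static_cast<unsigned char>(c)))
                return SCAN_TRAILING_GARBAGE;   // the '#' in ["foo"]#bar
            ++i;
            continue;
        }
        switch (c) {
        case '[': closers.push_back(']'); opened = true; ++i; break;
        case '{': closers.push_back('}'); opened = true; ++i; break;
        case ']':
        case '}':
            if (closers.empty() || closers.back() != c) return SCAN_MISMATCH;
            closers.pop_back(); ++i; break;
        case '"':
            i = skipString(s, i);
            if (i == std::string::npos) return SCAN_TRUNCATED;
            break;
        default: ++i; break;
        }
    }
    // Input exhausted: ["foo" and {"foo" still owe a closing bracket.
    return closers.empty() ? SCAN_OK : SCAN_TRUNCATED;
}
```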
  • Jonathan Wallace

    Interesting :/

     
