From f9277915ee7b2654f5347c4c261c8a0651fdd561 Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Thu, 23 Aug 2018 18:40:12 +0200 Subject: json: Fix streamer not to ignore trailing unterminated structures json_message_process_token() accumulates tokens until it got the sequence of tokens that comprise a single JSON value (it counts curly braces and square brackets to decide). It feeds those token sequences to json_parser_parse(). If a non-empty sequence of tokens remains at the end of the parse, it's silently ignored. check-qjson.c cases unterminated_array(), unterminated_array_comma(), unterminated_dict(), unterminated_dict_comma() demonstrate this bug. Fix as follows. Introduce a JSON_END_OF_INPUT token. When the streamer receives it, it feeds the accumulated tokens to json_parser_parse(). Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake Message-Id: <20180823164025.12553-46-armbru@redhat.com> --- qobject/json-streamer.c | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'qobject/json-streamer.c') diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c index e372ecc..674dfe6 100644 --- a/qobject/json-streamer.c +++ b/qobject/json-streamer.c @@ -60,6 +60,13 @@ void json_message_process_token(JSONLexer *lexer, GString *input, case JSON_ERROR: error_setg(&err, "JSON parse error, stray '%s'", input->str); goto out_emit; + case JSON_END_OF_INPUT: + if (g_queue_is_empty(parser->tokens)) { + return; + } + json = json_parser_parse(parser->tokens, parser->ap, &err); + parser->tokens = NULL; + goto out_emit; default: break; } @@ -137,6 +144,7 @@ void json_message_parser_feed(JSONMessageParser *parser, void json_message_parser_flush(JSONMessageParser *parser) { json_lexer_flush(&parser->lexer); + assert(g_queue_is_empty(parser->tokens)); } void json_message_parser_destroy(JSONMessageParser *parser) -- cgit v1.1