authorLars Knoll <lars.knoll@digia.com>2014-09-05 13:26:16 +0200
committerLars Knoll <lars.knoll@digia.com>2014-09-10 21:10:45 +0200
commitdf25927a6827c0abce6d35440359a835d23226f7 (patch)
treeef060f0fc451806856c6c009f10e40be7d89e061
parent853845a4a2570302def9526a99f2b09433c286c5 (diff)
Don't accept json strings with trailing garbage
A well formed JSON document is not allowed to contain trailing garbage at the end. Don't accept this in the parser. Task-number: QTBUG-40062 Change-Id: I0a09dbd099a8c643f58023342546c4e67d026fec Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@digia.com>
-rw-r--r--src/corelib/json/qjsondocument.h3
-rw-r--r--src/corelib/json/qjsonparser.cpp12
-rw-r--r--tests/auto/corelib/json/tst_qtjson.cpp14
3 files changed, 28 insertions, 1 deletions
diff --git a/src/corelib/json/qjsondocument.h b/src/corelib/json/qjsondocument.h
index ea42d76b20..a09176727f 100644
--- a/src/corelib/json/qjsondocument.h
+++ b/src/corelib/json/qjsondocument.h
@@ -68,7 +68,8 @@ struct Q_CORE_EXPORT QJsonParseError
UnterminatedString,
MissingObject,
DeepNesting,
- DocumentTooLarge
+ DocumentTooLarge,
+ GarbageAtEnd
};
QString errorString() const;
diff --git a/src/corelib/json/qjsonparser.cpp b/src/corelib/json/qjsonparser.cpp
index 0c61718843..09d8a929cd 100644
--- a/src/corelib/json/qjsonparser.cpp
+++ b/src/corelib/json/qjsonparser.cpp
@@ -79,6 +79,7 @@ QT_BEGIN_NAMESPACE
#define JSONERR_MISS_OBJ QT_TRANSLATE_NOOP("QJsonParseError", "object is missing after a comma")
#define JSONERR_DEEP_NEST QT_TRANSLATE_NOOP("QJsonParseError", "too deeply nested document")
#define JSONERR_DOC_LARGE QT_TRANSLATE_NOOP("QJsonParseError", "too large document")
+#define JSONERR_GARBAGEEND QT_TRANSLATE_NOOP("QJsonParseError", "garbage at the end of the document")
/*!
\class QJsonParseError
@@ -111,6 +112,8 @@ QT_BEGIN_NAMESPACE
\value MissingObject An object was expected but couldn't be found
\value DeepNesting The JSON document is too deeply nested for the parser to parse it
\value DocumentTooLarge The JSON document is too large for the parser to parse it
+ \value GarbageAtEnd The parsed document contains additional garbage characters at the end
+
*/
/*!
@@ -182,6 +185,9 @@ QString QJsonParseError::errorString() const
case DocumentTooLarge:
sz = JSONERR_DOC_LARGE;
break;
+ case GarbageAtEnd:
+ sz = JSONERR_GARBAGEEND;
+ break;
}
#ifndef QT_BOOTSTRAPPED
return QCoreApplication::translate("QJsonParseError", sz);
@@ -323,6 +329,12 @@ QJsonDocument Parser::parse(QJsonParseError *error)
goto error;
}
+ eatSpace();
+ if (json < end) {
+ lastError = QJsonParseError::GarbageAtEnd;
+ goto error;
+ }
+
END;
{
if (error) {
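Review bot: The new trailing-data check in Parser::parse carries no comment saying what counts as garbage, and that depends entirely on eatSpace(), whose body is not visible in this hunk. If eatSpace() skips only the JSON whitespace characters, a buffer with a terminating NUL or any other byte after the top-level value is now rejected with GarbageAtEnd. That is the strict behaviour a validating parser should have, but it is a visible change for callers that relied on the earlier leniency, so it is worth a release-note entry. I would add `// Only whitespace may follow the top-level value; reject anything else so every consumer agrees on where the document ends.` above the `eatSpace();` call. The `error:` label and the rest of the function lie outside the hunk, so the offset reported for this error cannot be checked from here.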
diff --git a/tests/auto/corelib/json/tst_qtjson.cpp b/tests/auto/corelib/json/tst_qtjson.cpp
index ba19e4855d..253741c103 100644
--- a/tests/auto/corelib/json/tst_qtjson.cpp
+++ b/tests/auto/corelib/json/tst_qtjson.cpp
@@ -151,6 +151,7 @@ private Q_SLOTS:
void objectInitializerList();
void unicodeKeys();
+ void garbageAtEnd();
private:
QString testDataDir;
};
@@ -2777,5 +2778,18 @@ void tst_QtJson::unicodeKeys()
}
}
+void tst_QtJson::garbageAtEnd()
+{
+ QJsonParseError error;
+ QJsonDocument doc = QJsonDocument::fromJson("{},", &error);
+ QVERIFY(error.error == QJsonParseError::GarbageAtEnd);
+ QVERIFY(error.offset == 2);
+ QVERIFY(doc.isEmpty());
+
+ doc = QJsonDocument::fromJson("{} ", &error);
+ QVERIFY(error.error == QJsonParseError::NoError);
+ QVERIFY(!doc.isEmpty());
+}
+
QTEST_MAIN(tst_QtJson)
#include "tst_qtjson.moc"
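Review bot: The assertions in garbageAtEnd() use `QVERIFY(a == b)`, which on failure reports only that the expression was false. `QCOMPARE(error.offset, 2);` and `QCOMPARE(int(error.error), int(QJsonParseError::GarbageAtEnd));` would print the actual values. The test also exercises only one extra byte directly after an object. A case with whitespace before the extra byte (for example the input `"{} ,"`) would pin the offset reported after eatSpace() has run, and a case with an array as the top-level value would cover the other document type. The second half of the test checks `error.error` but not that `error.offset` is reset on success.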