From df25927a6827c0abce6d35440359a835d23226f7 Mon Sep 17 00:00:00 2001
From: Lars Knoll
Date: Fri, 5 Sep 2014 13:26:16 +0200
Subject: Don't accept json strings with trailing garbage
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

A well formed JSON document is not allowed to contain trailing garbage at the end. Don't accept this in the parser.

Task-number: QTBUG-40062
Change-Id: I0a09dbd099a8c643f58023342546c4e67d026fec
Reviewed-by: Jędrzej Nowacki
---
 src/corelib/json/qjsondocument.h | 3 ++-
 src/corelib/json/qjsonparser.cpp | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
(limited to 'src/corelib')

diff --git a/src/corelib/json/qjsondocument.h b/src/corelib/json/qjsondocument.h
index ea42d76b20..a09176727f 100644
--- a/src/corelib/json/qjsondocument.h
+++ b/src/corelib/json/qjsondocument.h
@@ -68,7 +68,8 @@ struct Q_CORE_EXPORT QJsonParseError
 UnterminatedString,
 MissingObject,
 DeepNesting,
- DocumentTooLarge
+ DocumentTooLarge,
+ GarbageAtEnd
 };

 QString errorString() const;
diff --git a/src/corelib/json/qjsonparser.cpp b/src/corelib/json/qjsonparser.cpp
index 0c61718843..09d8a929cd 100644
--- a/src/corelib/json/qjsonparser.cpp
+++ b/src/corelib/json/qjsonparser.cpp
@@ -79,6 +79,7 @@ QT_BEGIN_NAMESPACE
 #define JSONERR_MISS_OBJ QT_TRANSLATE_NOOP("QJsonParseError", "object is missing after a comma")
 #define JSONERR_DEEP_NEST QT_TRANSLATE_NOOP("QJsonParseError", "too deeply nested document")
 #define JSONERR_DOC_LARGE QT_TRANSLATE_NOOP("QJsonParseError", "too large document")
+#define JSONERR_GARBAGEEND QT_TRANSLATE_NOOP("QJsonParseError", "garbage at the end of the document")

 /*!
 \class QJsonParseError
@@ -111,6 +112,8 @@ QT_BEGIN_NAMESPACE
 \value MissingObject An object was expected but couldn't be found
 \value DeepNesting The JSON document is too deeply nested for the parser to parse it
 \value DocumentTooLarge The JSON document is too large for the parser to parse it
+ \value GarbageAtEnd The parsed document contains additional garbage characters at the end
+
 */

 /*!
@@ -182,6 +185,9 @@ QString QJsonParseError::errorString() const
 case DocumentTooLarge:
 sz = JSONERR_DOC_LARGE;
 break;
+ case GarbageAtEnd:
+ sz = JSONERR_GARBAGEEND;
+ break;
 }
 #ifndef QT_BOOTSTRAPPED
 return QCoreApplication::translate("QJsonParseError", sz);
@@ -323,6 +329,12 @@ QJsonDocument Parser::parse(QJsonParseError *error)
 goto error;
 }

+ eatSpace();
+ if (json < end) {
+ lastError = QJsonParseError::GarbageAtEnd;
+ goto error;
+ }
+
 END;
 {
 if (error) {
--
cgit v1.2.3
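Review bot: The trailing-data check added to Parser::parse() in the last hunk has no comment saying what is still allowed after the top-level value, and the behaviour change is not reflected in the caller-facing documentation. eatSpace() is defined outside this hunk; if it skips only JSON whitespace, input whose length includes a trailing NUL terminator, or input holding several concatenated documents, will now fail with GarbageAtEnd where it was accepted before. Rejecting is the safer default, because a parser that silently stops after the first value can disagree with a stricter consumer about what a message contains, but existing callers should be told. I would add `// Only whitespace may follow the top-level value; anything else is GarbageAtEnd.` above `eatSpace();` and state the same in the QJsonDocument::fromJson() documentation. The function body starts and ends outside the hunk, so the offset reported on the error path cannot be checked from here.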