From: Markus Armbruster
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, mdroth@linux.vnet.ibm.com
Date: Fri, 17 Aug 2018 17:05:15 +0200
Message-Id: <20180817150559.16243-17-armbru@redhat.com>
In-Reply-To: <20180817150559.16243-1-armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v2 16/60] json: Fix lexer to include the bad character in JSON_ERROR token

json_lexer[] maps (lexer state, input character) to the new lexer state. The input character is consumed unless the new state is terminal and the input character doesn't belong to this token, i.e. the state transition uses look-ahead. When this is the case, input character '\0' would result in the same state transition. TERMINAL_NEEDED_LOOKAHEAD() exploits this.

Except this is wrong for transitions to IN_ERROR. There, the offending input character is in fact consumed: case IN_ERROR returns. It isn't added to the JSON_ERROR token, though. Fix that by making TERMINAL_NEEDED_LOOKAHEAD() return false for transitions to IN_ERROR.

There's a slight complication. json_lexer_flush() passes input character '\0' to flush an incomplete token. If this results in JSON_ERROR, we'd now add the '\0' to the token. Suppress that. Signed-off-by: Markus Armbruster Reviewed-by: Eric Blake --- qobject/json-lexer.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c index 980ba159d6..7c0875d225 100644 --- a/qobject/json-lexer.c +++ b/qobject/json-lexer.c @@ -76,7 +76,7 @@ QEMU_BUILD_BUG_ON((int)JSON_MIN <=3D (int)IN_START); from OLD_STATE required lookahead. This happens whenever the table below uses the TERMINAL macro. */ #define TERMINAL_NEEDED_LOOKAHEAD(old_state, terminal) \ - (json_lexer[(old_state)][0] =3D=3D (terminal)) + (terminal !=3D IN_ERROR && json_lexer[(old_state)][0] =3D=3D (terminal= )) =20 static const uint8_t json_lexer[][256] =3D { /* Relies on default initialization to IN_ERROR! */ @@ -304,7 +304,7 @@ static int json_lexer_feed_char(JSONLexer *lexer, char = ch, bool flush) assert(lexer->state <=3D ARRAY_SIZE(json_lexer)); new_state =3D json_lexer[lexer->state][(uint8_t)ch]; char_consumed =3D !TERMINAL_NEEDED_LOOKAHEAD(lexer->state, new_sta= te); - if (char_consumed) { + if (char_consumed && !flush) { g_string_append_c(lexer->token, ch); } =20 --=20 2.17.1
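
Review bot: In the first hunk (TERMINAL_NEEDED_LOOKAHEAD), the new test "terminal != IN_ERROR" uses the macro argument without parentheses, while the second use on the same line is written "(terminal)". Please write "(terminal) != IN_ERROR" so the macro stays safe for any argument expression. The comment above the macro still says look-ahead happens "whenever the table below uses the TERMINAL macro"; it should also mention that transitions to IN_ERROR are now excluded, since those entries come from default initialization and not from TERMINAL.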
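
Review bot: In the second hunk (json_lexer_feed_char), "if (char_consumed && !flush)" drops the character on every flush, not only when the flush ends in JSON_ERROR as the commit message describes. That is equivalent only if '\0' can never move the lexer to a non-error state that consumes it, which depends on the table's default initialization to IN_ERROR; a short comment at the condition stating that invariant would keep a later table change from silently losing a character. While here, the context line "assert(lexer->state <= ARRAY_SIZE(json_lexer));" accepts a state equal to the row count, which would index one past the end of json_lexer[]; the bound should be "<".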