From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, mdroth@linux.vnet.ibm.com
Date: Fri, 17 Aug 2018 17:05:26 +0200
Message-Id: <20180817150559.16243-28-armbru@redhat.com>
In-Reply-To: <20180817150559.16243-1-armbru@redhat.com>
References: <20180817150559.16243-1-armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v2 27/60] json: Reject invalid \uXXXX, fix \u0000

The JSON parser translates invalid \uXXXX to garbage instead of
rejecting it, and swallows \u0000.  Fix by using mod_utf8_encode()
instead of flawed wchar_to_utf8().

Valid surrogate pairs are now differently broken: they're rejected
instead of translated to garbage.  The next commit will fix them.

Signed-off-by: Markus Armbruster
Reviewed-by: Eric Blake
---
 qobject/json-parser.c | 35 ++++++----------------------------
 tests/check-qjson.c   | 41 +++++++++++------------------------------
 2 files changed, 17 insertions(+), 59 deletions(-)
diff --git a/qobject/json-parser.c b/qobject/json-parser.c index 8bb278bc7d..9985d9929b 100644 --- a/qobject/json-parser.c +++ b/qobject/json-parser.c @@ -64,34 +64,6 @@ static void GCC_FMT_ATTR(3, 4) parse_error(JSONParserCon= text *ctxt, error_setg(&ctxt->err, "JSON parse error, %s", message); } =20 -/** - * String helpers - * - * These helpers are used to unescape strings. - */ -static void wchar_to_utf8(uint16_t wchar, char *buffer, size_t buffer_leng= th) -{ - if (wchar <=3D 0x007F) { - BUG_ON(buffer_length < 2); - - buffer[0] =3D wchar & 0x7F; - buffer[1] =3D 0; - } else if (wchar <=3D 0x07FF) { - BUG_ON(buffer_length < 3); - - buffer[0] =3D 0xC0 | ((wchar >> 6) & 0x1F); - buffer[1] =3D 0x80 | (wchar & 0x3F); - buffer[2] =3D 0; - } else { - BUG_ON(buffer_length < 4); - - buffer[0] =3D 0xE0 | ((wchar >> 12) & 0x0F); - buffer[1] =3D 0x80 | ((wchar >> 6) & 0x3F); - buffer[2] =3D 0x80 | (wchar & 0x3F); - buffer[3] =3D 0; - } -} - static int hex2decimal(char ch) { if (ch >=3D '0' && ch <=3D '9') { @@ -197,7 +169,12 @@ static QString *parse_string(JSONParserContext *ctxt, = JSONToken *token) ptr++; } =20 - wchar_to_utf8(cp, utf8_buf, sizeof(utf8_buf)); + if (mod_utf8_encode(utf8_buf, sizeof(utf8_buf), cp) < 0) { + parse_error(ctxt, token, + "\\u%.4s is not a valid Unicode character", + ptr - 3); + goto out; + } qstring_append(str, utf8_buf); break; default: diff --git a/tests/check-qjson.c b/tests/check-qjson.c index 61940d69c9..5c94c80241 100644 --- a/tests/check-qjson.c +++ b/tests/check-qjson.c @@ -64,7 +64,7 @@ static void escaped_string(void) { "triple byte utf-8 \\u20AC", "triple byte utf-8 \xe2\x82\xac" }, { "quadruple byte utf-8 \\uD834\\uDD1E", /* U+1D11E */ /* bug: want \xF0\x9D\x84\x9E */ - "quadruple byte utf-8 \xED\xA0\xB4\xED\xB4\x9E", .skip =3D 1 }, + NULL }, { "\\", NULL }, { "\\z", NULL }, { "\\ux", NULL }, 
@@ -72,35 +72,16 @@ static void escaped_string(void) { "\\u12x", NULL }, { "\\u123x", NULL }, { "\\u12345", "\341\210\2645" }, - { "\\u0000x", "x", .skip =3D 1}, /* bug: want \xC0\x80x */ - { "unpaired leading surrogate \\uD800", - /* bug: not rejected */ - "unpaired leading surrogate \355\240\200", .skip =3D 1 }, - { "unpaired leading surrogate \\uD800\\uCAFE", - /* bug: not rejected */ - "unpaired leading surrogate \355\240\200\354\253\276", .skip =3D= 1 }, - { "unpaired leading surrogate \\uD800\\uD801\\uDC02", - /* bug: not rejected */ - "unpaired leading surrogate \355\240\200\355\240\201\355\260\202= ", - .skip =3D 1 }, - { "unpaired trailing surrogate \\uDC00", - /* bug: not rejected */ - "unpaired trailing surrogate \355\260\200", .skip =3D 1}, - { "backward surrogate pair \\uDC00\\uD800", - /* bug: not rejected */ - "backward surrogate pair \355\260\200\355\240\200", .skip =3D 1}, - { "noncharacter U+FDD0 \\uFDD0", - /* bug: not rejected */ - "noncharacter U+FDD0 \xEF\xB7\x90", .skip =3D 1}, - { "noncharacter U+FDEF \\uFDEF", - /* bug: not rejected */ - "noncharacter U+FDEF \xEF\xB7\xAF", .skip =3D 1}, - { "noncharacter U+1FFFE \\uD87F\\uDFFE", - /* bug: not rejected */ - "noncharacter U+1FFFE \xED\xA1\xBF\xED\xBF\xBE", .skip =3D 1}, - { "noncharacter U+10FFFF \\uDC3F\\uDFFF", - /* bug: not rejected */ - "noncharacter U+10FFFF \xED\xB0\xBF\xED\xBF\xBF", .skip =3D 1}, + { "\\u0000x", "\xC0\x80x" }, + { "unpaired leading surrogate \\uD800", NULL }, + { "unpaired leading surrogate \\uD800\\uCAFE", NULL }, + { "unpaired leading surrogate \\uD800\\uD801\\uDC02", NULL }, + { "unpaired trailing surrogate \\uDC00", NULL }, + { "backward surrogate pair \\uDC00\\uD800", NULL }, + { "noncharacter U+FDD0 \\uFDD0", NULL }, + { "noncharacter U+FDEF \\uFDEF", NULL }, + { "noncharacter U+1FFFE \\uD87F\\uDFFE", NULL }, + { "noncharacter U+10FFFF \\uDC3F\\uDFFF", NULL }, {} }; int i, j; --=20 2.17.1
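Review bot: the removed wchar_to_utf8() is where both bugs the commit message names actually live, and it would help future readers if the message said so: for wchar == 0 its first branch stores `buffer[0] = wchar & 0x7F`, i.e. a NUL, so the escape disappears from the C string (the swallowed \u0000), and its final else-branch encodes every value up to 0xFFFF, surrogates D800-DFFF included, as a three-byte sequence that is not valid UTF-8 (the garbage). Deleting the function also deletes the `String helpers` block comment that introduced hex2decimal(); a one-line comment above hex2decimal() would keep that context.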
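Review bot: in the new error path of parse_string(), `ptr - 3` looks one short. The loop that closes with `ptr++; }` just above leaves ptr past the fourth hex digit, so `\\u%.4s` with `ptr - 3` prints the last three digits plus whatever follows the escape rather than the four digits of the offending \uXXXX; `ptr - 4` would quote the whole escape. Otherwise the shape is right: validity is now decided by mod_utf8_encode(), and the single message "is not a valid Unicode character" covers surrogates, noncharacters and (for now) valid surrogate pairs alike, which is what the tests below expect.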
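Review bot: the `\\uD834\\uDD1E` entry now expects NULL, i.e. rejection of a valid surrogate pair, while the comment kept above it still reads `/* bug: want \xF0\x9D\x84\x9E */`. Since this is the regression the commit message announces, consider extending the comment to say the pair is currently rejected and that the next commit fixes it, so a reader of this revision does not take the NULL for intended behaviour.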
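Review bot: two of the new NULL entries do not test what their labels say. `\\uDC3F\\uDFFF` is not U+10FFFF (that would be `\\uDBFF\\uDFFF`); DC3F is a trailing surrogate, so this row is rejected as a backward pair, not as a noncharacter. `\\uD87F\\uDFFE` decodes to U+2FFFE rather than U+1FFFE (`\\uD83F\\uDFFE`), which is still a noncharacter, so only the label is off. Both labels predate this patch, but now that the expected values stop being `.skip = 1` placeholders is the moment to correct them. Two behaviours this table now pins down also deserve a line of comment for the parser's consumers: U+0000 comes out as the overlong modified-UTF-8 pair `\xC0\x80`, which strict UTF-8 validators downstream will reject, and noncharacters such as U+FDD0 are refused outright even though they are well-formed UTF-8.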