🚑 fix for #452

b9f31494 · Niels Lohmann · 82fb6137 · b9f31494 · b9f31494 · b9f31494
Unverified Commit b9f31494 authored Feb 15, 2017 by Niels Lohmann
Showing with 17 additions and 1 deletion

json.hpp src/json.hpp +0 -0

json.hpp.re2c src/json.hpp.re2c +2 -0

unit-class_parser.cpp test/src/unit-class_parser.cpp +3 -1

unit-regression.cpp test/src/unit-regression.cpp +12 -0

No files found.
--- a/src/json.hpp
+++ b/src/json.hpp
--- a/src/json.hpp.re2c
+++ b/src/json.hpp.re2c
@@ -9698,6 +9698,8 @@ class basic_json
                    exp             = e (minus | plus)? digit+;
                    frac            = decimal_point digit+;
                    int             = (zero | digit_1_9 digit*);
+                    invalid_int     = minus? "0" digit+;
+                    invalid_int     { last_token_type = token_type::parse_error; break; }
                    number_unsigned = int;
                    number_unsigned { last_token_type = token_type::value_unsigned; break; }
                    number_integer  = minus int;

--- a/test/src/unit-class_parser.cpp
+++ b/test/src/unit-class_parser.cpp
@@ -299,7 +299,9 @@ TEST_CASE("parser class")
                CHECK_THROWS_AS(json::parser("+0").parse(), std::invalid_argument);
                CHECK_THROWS_WITH(json::parser("01").parse(),
-                                  "parse error - unexpected number literal");
+                                  "parse error - unexpected '01'");
+                CHECK_THROWS_WITH(json::parser("-01").parse(),
+                                  "parse error - unexpected '-01'");
                CHECK_THROWS_WITH(json::parser("--1").parse(), "parse error - unexpected '-'");
                CHECK_THROWS_WITH(json::parser("1.").parse(),
                                  "parse error - unexpected '.'; expected end of input");

--- a/test/src/unit-regression.cpp
+++ b/test/src/unit-regression.cpp
@@ -724,4 +724,16 @@ TEST_CASE("regression tests")
        };
        CHECK_THROWS_AS(json::from_cbor(vec2), std::out_of_range);
    }
+    SECTION("issue #452 - Heap-buffer-overflow (OSS-Fuzz issue 585)")
+    {
+        std::vector<uint8_t> vec = {'-', '0', '1', '2', '2', '7', '4'};
+        CHECK_THROWS_AS(json::parse(vec), std::invalid_argument);
+    }
+    //SECTION("issue #454 - doubles are printed as integers")
+    //{
+    //    json j = R"({"bool_value":true,"double_value":2.0,"int_value":10,"level1":{"list_value":[3,"hi",false],"tmp":5.0},"string_value":"hello"})"_json;
+    //    CHECK(j["double_value"].is_number_integer());
+    //}
 }