patch 8.0.1602: crash in parsing JSON
Problem: Crash in parsing JSON.
Solution: Fail when using array or dict as dict key. (Damien)
diff --git a/src/json.c b/src/json.c
index 6f914ea..e1f40bf 100644
--- a/src/json.c
+++ b/src/json.c
@@ -621,7 +621,9 @@
if (top_item != NULL && top_item->jd_type == JSON_OBJECT_KEY
&& (options & JSON_JS)
&& reader->js_buf[reader->js_used] != '"'
- && reader->js_buf[reader->js_used] != '\'')
+ && reader->js_buf[reader->js_used] != '\''
+ && reader->js_buf[reader->js_used] != '['
+ && reader->js_buf[reader->js_used] != '{')
{
char_u *key;
@@ -642,6 +644,11 @@
switch (*p)
{
case '[': /* start of array */
+ if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+ {
+ retval = FAIL;
+ break;
+ }
if (ga_grow(&stack, 1) == FAIL)
{
retval = FAIL;
@@ -668,6 +675,11 @@
continue;
case '{': /* start of object */
+ if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+ {
+ retval = FAIL;
+ break;
+ }
if (ga_grow(&stack, 1) == FAIL)
{
retval = FAIL;
diff --git a/src/testdir/test_json.vim b/src/testdir/test_json.vim
index acd2ea8..396651e 100644
--- a/src/testdir/test_json.vim
+++ b/src/testdir/test_json.vim
@@ -179,6 +179,9 @@
call assert_fails('call json_decode("[1 2]")', "E474:")
call assert_fails('call json_decode("[1,,2]")', "E474:")
+
+ call assert_fails('call json_decode("{{}:42}")', "E474:")
+ call assert_fails('call json_decode("{[]:42}")', "E474:")
endfunc
let s:jsl5 = '[7,,,]'
diff --git a/src/version.c b/src/version.c
index 50422aa..2a537e6 100644
--- a/src/version.c
+++ b/src/version.c
@@ -767,6 +767,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1602,
+/**/
1601,
/**/
1600,