authorGravatar Nicolas "Pixel" Noble <pixel@nobis-crew.org>2016-03-18 00:24:33 +0100
committerGravatar Nicolas "Pixel" Noble <pixel@nobis-crew.org>2016-03-18 00:26:15 +0100
commitc90886096a4530562f22ba9708c2a6caef14cde1 (patch)
tree0b8ad3ce2814dc5ae0ad5381b32f7139a9e49bc3
parent921f4b0a6e0c77f8c1d0f48b72d7087a21f5e311 (diff)
Fixing json parsing issues detected by libfuzz.
-rw-r--r--src/core/json/json_reader.c7
-rw-r--r--test/core/json/json_test.c12
2 files changed, 17 insertions, 2 deletions
diff --git a/src/core/json/json_reader.c b/src/core/json/json_reader.c
index 30da6f28f3..9a97826287 100644
--- a/src/core/json/json_reader.c
+++ b/src/core/json/json_reader.c
@@ -280,13 +280,14 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
break;
case GRPC_JSON_STATE_OBJECT_KEY_STRING:
- GPR_ASSERT(reader->unicode_high_surrogate == 0);
+ if (reader->unicode_high_surrogate != 0)
+ return GRPC_JSON_PARSE_ERROR;
if (c == '"') {
reader->state = GRPC_JSON_STATE_OBJECT_KEY_END;
json_reader_set_key(reader);
json_reader_string_clear(reader);
} else {
- if (c <= 0x001f) return GRPC_JSON_PARSE_ERROR;
+ if (c < 32) return GRPC_JSON_PARSE_ERROR;
json_reader_string_add_char(reader, c);
}
break;
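Review bot: The new guard `if (reader->unicode_high_surrogate != 0)` in the GRPC_JSON_STATE_OBJECT_KEY_STRING case is a two-line `if` without braces, while the `if (c == '"') { ... } else { ... }` directly below it is braced. Writing it as `if (reader->unicode_high_surrogate != 0) { return GRPC_JSON_PARSE_ERROR; }` keeps a later added statement from landing outside the condition. The reason for the change also deserves a comment, for example `/* A pending high surrogate is reachable from input, so reject it instead of asserting. */`, because an assertion on input-derived state lets one malformed document abort the process. grpc_json_reader_run continues outside this hunk, so any other GPR_ASSERT on reader state there would need the same check.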
@@ -362,6 +363,8 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
reader->in_object = 0;
reader->in_array = 1;
break;
+ default:
+ return GRPC_JSON_PARSE_ERROR;
}
break;
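Review bot: The added `default:` carries no comment saying which inputs reach it, and the `switch` it closes opens outside this hunk, so it is not clear from here whether it dispatches on the input character or on parser state. If it is the input character, as the new `{"foo": bar}` test case suggests, a one-line comment such as `/* Any other character cannot start a value. */` above the return would mark this as an input-validation path rather than an internal-error path.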
diff --git a/test/core/json/json_test.c b/test/core/json/json_test.c
index 5add80d753..035265a6be 100644
--- a/test/core/json/json_test.c
+++ b/test/core/json/json_test.c
@@ -64,6 +64,7 @@ static testing_pair testing_pairs[] = {
/* Testing UTF-8 character "𝄞", U+11D1E. */
{"\"\xf0\x9d\x84\x9e\"", "\"\\ud834\\udd1e\""},
{"\"\\ud834\\udd1e\"", "\"\\ud834\\udd1e\""},
+ {"{\"\\ud834\\udd1e\":0}", "{\"\\ud834\\udd1e\":0}"},
/* Testing nested empty containers. */
{
" [ [ ] , { } , [ ] ] ", "[[],{},[]]",
@@ -85,20 +86,31 @@ static testing_pair testing_pairs[] = {
/* Testing plain invalid things, exercising the state machine. */
{"\\", NULL},
{"nu ll", NULL},
+ {"{\"foo\": bar}", NULL},
+ {"{\"foo\": bar\"x\"}", NULL},
{"fals", NULL},
/* Testing unterminated string. */
{"\"\\x", NULL},
/* Testing invalid UTF-16 number. */
{"\"\\u123x", NULL},
+ {"{\"\\u123x", NULL},
/* Testing imbalanced surrogate pairs. */
{"\"\\ud834f", NULL},
+ {"{\"\\ud834f\":0}", NULL},
{"\"\\ud834\\n", NULL},
+ {"{\"\\ud834\\n\":0}", NULL},
{"\"\\udd1ef", NULL},
+ {"{\"\\udd1ef\":0}", NULL},
{"\"\\ud834\\ud834\"", NULL},
+ {"{\"\\ud834\\ud834\"\":0}", NULL},
{"\"\\ud834\\u1234\"", NULL},
+ {"{\"\\ud834\\u1234\"\":0}", NULL},
{"\"\\ud834]\"", NULL},
+ {"{\"\\ud834]\"\":0}", NULL},
{"\"\\ud834 \"", NULL},
+ {"{\"\\ud834 \"\":0}", NULL},
{"\"\\ud834\\\\\"", NULL},
+ {"{\"\\ud834\\\\\"\":0}", NULL},
/* Testing embedded invalid whitechars. */
{"\"\n\"", NULL},
{"\"\t\"", NULL},
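Review bot: Five of the new object-key cases (`\\ud834\\ud834`, `\\ud834\\u1234`, `\\ud834]`, `\\ud834 ` and `\\ud834\\\\`) end in `\"\":0}`, so the JSON under test has a stray second quote after the key. Those inputs would still be rejected if the surrogate check in the key-string state regressed, because the stray quote is itself a syntax error, so they do not pin the behaviour they are meant to cover. Dropping the extra quote, e.g. `{"{\"\\ud834\\ud834\":0}", NULL},`, makes the unpaired surrogate the only defect in each input, matching the `{"{\"\\ud834f\":0}", NULL}` form used a few lines above.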