aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--src/core/lib/json/json_reader.c7
-rw-r--r--test/core/json/fuzzer.c7
-rw-r--r--test/core/json/json_test.c2
3 files changed, 10 insertions, 6 deletions
diff --git a/src/core/lib/json/json_reader.c b/src/core/lib/json/json_reader.c
index 4cff13dff1..098e089eed 100644
--- a/src/core/lib/json/json_reader.c
+++ b/src/core/lib/json/json_reader.c
@@ -180,6 +180,13 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) {
case GRPC_JSON_STATE_VALUE_NUMBER_WITH_DECIMAL:
case GRPC_JSON_STATE_VALUE_NUMBER_ZERO:
case GRPC_JSON_STATE_VALUE_NUMBER_EPM:
+ if (reader->depth == 0) {
+ return GRPC_JSON_PARSE_ERROR;
+ } else if ((c == '}') && !reader->in_object) {
+ return GRPC_JSON_PARSE_ERROR;
+ } else if ((c == ']') && !reader->in_array) {
+ return GRPC_JSON_PARSE_ERROR;
+ }
success = (uint32_t)json_reader_set_number(reader);
if (!success) return GRPC_JSON_PARSE_ERROR;
json_reader_string_clear(reader);
diff --git a/test/core/json/fuzzer.c b/test/core/json/fuzzer.c
index a62ffebccb..c32ba7912f 100644
--- a/test/core/json/fuzzer.c
+++ b/test/core/json/fuzzer.c
@@ -67,11 +67,8 @@ void guard_free(void *vptr) {
g_old_allocs.free_fn(ptr);
}
-struct gpr_allocation_functions g_guard_allocs = {
- guard_malloc,
- guard_realloc,
- guard_free
-};
+struct gpr_allocation_functions g_guard_allocs = {guard_malloc, guard_realloc,
+ guard_free};
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
char *s;
diff --git a/test/core/json/json_test.c b/test/core/json/json_test.c
index 49bdf377ac..735ff4c853 100644
--- a/test/core/json/json_test.c
+++ b/test/core/json/json_test.c
@@ -89,7 +89,7 @@ static testing_pair testing_pairs[] = {
{"{\"foo\": bar}", NULL},
{"{\"foo\": bar\"x\"}", NULL},
{"fals", NULL},
- {"0,0", NULL},
+ {"0,0 ", NULL},
/* Testing unterminated string. */
{"\"\\x", NULL},
/* Testing invalid UTF-16 number. */