diff options
-rw-r--r-- | src/core/lib/json/json_reader.c | 7 | ||||
-rw-r--r-- | test/core/json/fuzzer.c | 7 | ||||
-rw-r--r-- | test/core/json/json_test.c | 2 |
3 files changed, 10 insertions, 6 deletions
diff --git a/src/core/lib/json/json_reader.c b/src/core/lib/json/json_reader.c index 4cff13dff1..098e089eed 100644 --- a/src/core/lib/json/json_reader.c +++ b/src/core/lib/json/json_reader.c @@ -180,6 +180,13 @@ grpc_json_reader_status grpc_json_reader_run(grpc_json_reader *reader) { case GRPC_JSON_STATE_VALUE_NUMBER_WITH_DECIMAL: case GRPC_JSON_STATE_VALUE_NUMBER_ZERO: case GRPC_JSON_STATE_VALUE_NUMBER_EPM: + if (reader->depth == 0) { + return GRPC_JSON_PARSE_ERROR; + } else if ((c == '}') && !reader->in_object) { + return GRPC_JSON_PARSE_ERROR; + } else if ((c == ']') && !reader->in_array) { + return GRPC_JSON_PARSE_ERROR; + } success = (uint32_t)json_reader_set_number(reader); if (!success) return GRPC_JSON_PARSE_ERROR; json_reader_string_clear(reader); diff --git a/test/core/json/fuzzer.c b/test/core/json/fuzzer.c index a62ffebccb..c32ba7912f 100644 --- a/test/core/json/fuzzer.c +++ b/test/core/json/fuzzer.c @@ -67,11 +67,8 @@ void guard_free(void *vptr) { g_old_allocs.free_fn(ptr); } -struct gpr_allocation_functions g_guard_allocs = { - guard_malloc, - guard_realloc, - guard_free -}; +struct gpr_allocation_functions g_guard_allocs = {guard_malloc, guard_realloc, + guard_free}; int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) { char *s; diff --git a/test/core/json/json_test.c b/test/core/json/json_test.c index 49bdf377ac..735ff4c853 100644 --- a/test/core/json/json_test.c +++ b/test/core/json/json_test.c @@ -89,7 +89,7 @@ static testing_pair testing_pairs[] = { {"{\"foo\": bar}", NULL}, {"{\"foo\": bar\"x\"}", NULL}, {"fals", NULL}, - {"0,0", NULL}, + {"0,0 ", NULL}, /* Testing unterminated string. */ {"\"\\x", NULL}, /* Testing invalid UTF-16 number. */ |