From 0052a318680af83242d7af67acd3b055bde740c5 Mon Sep 17 00:00:00 2001 From: Florin Malita Date: Fri, 15 Jun 2018 16:42:09 -0400 Subject: [skjson] Detect end-of-input for unbalanced strings We currently blow through string chars without checking for end-of-input. Maybe we could avoid this upfront, when we locate the stop char: try to determine if it's part of an unterminated string, fail immediately if so. Figuring out if the tail is an unterminated string seems intractable though (requires arbitrarily deep tail parsing). That brings us to plan B: * treat scope-closing tokens (} & ]) as string terminators (we know end-of-input points to one of these for sure) * adjust matchString() to check for end-of-input Bug: oss-fuzz:8899 Change-Id: Ic0a88a405548e8724b76faca525099a7e7037341 Reviewed-on: https://skia-review.googlesource.com/135145 Commit-Queue: Florin Malita Reviewed-by: Kevin Lubick
---
 modules/skjson/src/SkJSONTest.cpp | 4 ++++
 1 file changed, 4 insertions(+)
(limited to 'modules/skjson/src/SkJSONTest.cpp')
diff --git a/modules/skjson/src/SkJSONTest.cpp b/modules/skjson/src/SkJSONTest.cpp
index 1aaa278fb8..df04ac3529 100644
--- a/modules/skjson/src/SkJSONTest.cpp
+++ b/modules/skjson/src/SkJSONTest.cpp
@@ -32,6 +32,8 @@ DEF_TEST(SkJSON_Parse, reporter) {
 { "{}f" , nullptr },
 { "{]" , nullptr },
 { "[}" , nullptr },
+ { "{\"}" , nullptr },
+ { "[\"]" , nullptr },
 { "1" , nullptr },
 { "true" , nullptr },
 { "false", nullptr },
@@ -68,6 +70,7 @@ DEF_TEST(SkJSON_Parse, reporter) {
 { "[ 1 ]" , "[1]" },
 { "[ 1.248 ]" , "[1.248]" },
 { "[ \"\" ]" , "[\"\"]" },
+ { "[ \"foo{bar}baz\" ]" , "[\"foo{bar}baz\"]" },
 { "[ \" f o o \" ]" , "[\" f o o \"]" },
 { "[ \"123456\" ]" , "[\"123456\"]" },
 { "[ \"1234567\" ]" , "[\"1234567\"]" },
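Review bot: The two rejection cases added in the first hunk, `{\"}` and `[\"]`, only exercise an empty unterminated string sitting directly in front of the closing token. Going by the commit message, `}` and `]` are now treated as string terminators and matchString() is what notices end-of-input, so the inputs most likely to regress are an unterminated string with content, one whose last character before the closer is an escaped quote, and one nested a level deeper. I would add entries such as `{ "[\"abc]" , nullptr },`, `{ "[\"\\\"]" , nullptr },` and `{ "[[\"]]" , nullptr },`. If the parser has a separate short-string path (the existing "123456"/"1234567" pair suggests a length boundary, though that is inferred), an unterminated string longer than that boundary deserves a case too. The table belongs to DEF_TEST(SkJSON_Parse, reporter), which starts and ends outside the hunk.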
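Review bot: The accepted-input case added in the second hunk puts `{` and `}` inside a string but never `]`, which is the token that actually closes the enclosing array and, per the commit message, is now also treated as a string terminator. A case such as `{ "[ \"foo[bar]baz\" ]" , "[\"foo[bar]baz\"]" },` would pin that a closing bracket inside a properly terminated string is still parsed as string content. The same gap applies to the object case added in the third hunk, which covers `}` but not `]` inside a key or value. Both tables sit inside DEF_TEST(SkJSON_Parse, reporter), whose body extends beyond these hunks.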
@@ -78,6 +81,7 @@ DEF_TEST(SkJSON_Parse, reporter) {
 { "{}" , "{}" },
 { " \n\r\t { \n\r\t } \n\r\t " , "{}" },
 { "{ \"k\" : null }" , "{\"k\":null}" },
+ { "{ \"foo{\" : \"bar}baz\" }" , "{\"foo{\":\"bar}baz\"}" },
 { "{ \"k1\" : null, \"k2 \":0 }", "{\"k1\":null,\"k2 \":0}" },
 { "{ \"k1\" : null, \"k1\":0 }" , "{\"k1\":null,\"k1\":0}" },
 
-- cgit v1.2.3