sync:Issue 1182: Fix fuzzing bug

Signed-off-by: zhangzhangxin <zhangxin1@xfusion.com>
2023-04-28 10:59:43 +08:00 · 2023-04-28 10:59:43 +08:00 · 1eadb6ee25
commit 1eadb6ee25
parent ec752f7627
2 changed files with 45 additions and 1 deletions
--- a/0001-sync-Issue-1182-Fix-fuzzing-bug.patch
+++ b/0001-sync-Issue-1182-Fix-fuzzing-bug.patch
@ -0,0 +1,40 @@
+From 0398d63a8435d5b8f71f07aa8c42e7d65815f97e Mon Sep 17 00:00:00 2001
+From: zhangzhangxin <zhangxin1@xfusion.com>
+Date: Fri, 28 Apr 2023 10:50:40 +0800
+Subject: [PATCH] sync:Issue 1182: Fix fuzzing bug
+
+Signed-off-by: zhangzhangxin <zhangxin1@xfusion.com>
+---
+ src/lib_json/json_reader.cpp      | 7 +++++--
+ test/data/fail_invalid_quote.json | 1 +
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+ create mode 100644 test/data/fail_invalid_quote.json
+
+diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
+index 23cbe60..19922a8 100644
+--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
+@@ -1175,8 +1175,11 @@ bool OurReader::readToken(Token& token) {
+     if (features_.allowSingleQuotes_) {
+       token.type_ = tokenString;
+       ok = readStringSingleQuote();
+-      break;
+-    } // else fall through
+    } else {
+      // If we don't allow single quotes, this is a failure case.
+      ok = false;
+    }
+    break;
+   case '/':
+     token.type_ = tokenComment;
+     ok = readComment();
+diff --git a/test/data/fail_invalid_quote.json b/test/data/fail_invalid_quote.json
+new file mode 100644
+index 0000000..0dd76ed
+--- /dev/null
+++ b/test/data/fail_invalid_quote.json
+@@ -0,0 +1 @@
+{'//this is bad JSON.'}
+-- 
+2.40.0.windows.1
+
--- a/jsoncpp.spec
+++ b/jsoncpp.spec
@ -1,11 +1,12 @@
 Name:           jsoncpp
 Version:        1.9.3
-Release:        2
+Release:        3
 Summary:        JSON C++ library
 License:        Public Domain or MIT
 URL:            https://github.com/open-source-parsers/jsoncpp
 Source0:        https://github.com/open-source-parsers/jsoncpp/archive/%{version}/%{name}-%{version}.tar.gz
 BuildRequires:  gcc-c++ cmake >= 3.1 python3-devel
+Patch0:         0001-sync-Issue-1182-Fix-fuzzing-bug.patch

 %description
 JsonCpp is a C++ library that allows manipulating JSON values,
@ -87,6 +88,9 @@ hardlink -cfv %{buildroot}%{_docdir}/%{name}


 %changelog
+* Fri Apr 28 2023 zhujunhao <zhujunhao5@huawei.com> - 1.9.3-3
+- Issue 1182: Fix fuzzing bug
+
 * Thu Sep 24 2020 tianwei<tianwei12@huawei.com> - 1.9.3-2
 - Type:update
 - ID:NA