From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: marcandre.lureau@redhat.com, mdroth@linux.vnet.ibm.com,
eblake@redhat.com
Subject: [Qemu-devel] [PATCH v2 17/60] json: Reject unescaped control characters
Date: Fri, 17 Aug 2018 17:05:16 +0200 [thread overview]
Message-ID: <20180817150559.16243-18-armbru@redhat.com> (raw)
In-Reply-To: <20180817150559.16243-1-armbru@redhat.com>
Fix the lexer to reject unescaped control characters in JSON strings,
in accordance with RFC 7159.
Bonus: we now recover more nicely from unclosed strings. E.g.
{"one: 1}\n{"two": 2}
now recovers cleanly after the newline, where before the lexer
remained confused until the next unpaired double quote or lexical
error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
---
qobject/json-lexer.c | 4 ++--
tests/check-qjson.c | 6 +-----
tests/qmp-test.c | 4 ++--
3 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/qobject/json-lexer.c b/qobject/json-lexer.c
index 7c0875d225..e85e9a78ff 100644
--- a/qobject/json-lexer.c
+++ b/qobject/json-lexer.c
@@ -115,7 +115,7 @@ static const uint8_t json_lexer[][256] = {
['u'] = IN_DQ_UCODE0,
},
[IN_DQ_STRING] = {
- [1 ... 0xBF] = IN_DQ_STRING,
+ [0x20 ... 0xBF] = IN_DQ_STRING,
[0xC2 ... 0xF4] = IN_DQ_STRING,
['\\'] = IN_DQ_STRING_ESCAPE,
['"'] = JSON_STRING,
@@ -155,7 +155,7 @@ static const uint8_t json_lexer[][256] = {
['u'] = IN_SQ_UCODE0,
},
[IN_SQ_STRING] = {
- [1 ... 0xBF] = IN_SQ_STRING,
+ [0x20 ... 0xBF] = IN_SQ_STRING,
[0xC2 ... 0xF4] = IN_SQ_STRING,
['\\'] = IN_SQ_STRING_ESCAPE,
['\''] = JSON_STRING,
diff --git a/tests/check-qjson.c b/tests/check-qjson.c
index 4fb43e4d5d..dd6bb76ec5 100644
--- a/tests/check-qjson.c
+++ b/tests/check-qjson.c
@@ -202,11 +202,7 @@ static void utf8_string(void)
"\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
- /* bug: not corrected (valid UTF-8, but invalid JSON) */
- "\x01\x02\x03\x04\x05\x06\x07"
- "\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"
- "\x10\x11\x12\x13\x14\x15\x16\x17"
- "\x18\x19\x1A\x1B\x1C\x1D\x1E\x1F",
+ NULL,
"\\u0001\\u0002\\u0003\\u0004\\u0005\\u0006\\u0007"
"\\b\\t\\n\\u000B\\f\\r\\u000E\\u000F"
"\\u0010\\u0011\\u0012\\u0013\\u0014\\u0015\\u0016\\u0017"
diff --git a/tests/qmp-test.c b/tests/qmp-test.c
index 5edc97f63f..7b3ba17c4a 100644
--- a/tests/qmp-test.c
+++ b/tests/qmp-test.c
@@ -86,9 +86,9 @@ static void test_malformed(QTestState *qts)
g_assert(recovered(qts));
/* lexical error: control character in string */
- qtest_qmp_send_raw(qts, "{'execute': 'nonexistent', 'id':'\n'}");
+ qtest_qmp_send_raw(qts, "{'execute': 'nonexistent', 'id':'\n");
resp = qtest_qmp_receive(qts);
- g_assert_cmpstr(get_error_class(resp), ==, "CommandNotFound"); /* BUG */
+ g_assert_cmpstr(get_error_class(resp), ==, "GenericError");
qobject_unref(resp);
g_assert(recovered(qts));
--
2.17.1
next prev parent reply other threads:[~2018-08-17 15:06 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-17 15:04 [Qemu-devel] [PATCH v2 00/60] json: Fixes, error reporting improvements, cleanups Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 01/60] check-qjson: Cover multiple JSON objects in same string Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 02/60] check-qjson: Cover blank and lexically erroneous input Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 03/60] check-qjson: Cover whitespace more thoroughly Markus Armbruster
2018-08-17 15:48 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 04/60] qmp-cmd-test: Split off qmp-test Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 05/60] qmp-test: Cover syntax and lexical errors Markus Armbruster
2018-08-17 15:51 ` Eric Blake
2018-08-20 8:34 ` Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 06/60] test-qga: Clean up how we test QGA synchronization Markus Armbruster
2018-08-17 15:52 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 07/60] check-qjson: Cover escaped characters more thoroughly, part 1 Markus Armbruster
2018-08-17 16:22 ` Eric Blake
2018-08-20 9:16 ` Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 08/60] check-qjson: Streamline escaped_string()'s test strings Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 09/60] check-qjson: Cover escaped characters more thoroughly, part 2 Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 10/60] check-qjson: Consolidate partly redundant string tests Markus Armbruster
2018-08-17 16:23 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 11/60] check-qjson: Cover UTF-8 in single quoted strings Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 12/60] check-qjson: Simplify utf8_string() Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 13/60] check-qjson: Fix utf8_string() to test all invalid sequences Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 14/60] check-qjson qmp-test: Cover control characters more thoroughly Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 15/60] check-qjson: Cover interpolation " Markus Armbruster
2018-08-17 16:26 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 16/60] json: Fix lexer to include the bad character in JSON_ERROR token Markus Armbruster
2018-08-17 15:05 ` Markus Armbruster [this message]
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 18/60] json: Revamp lexer documentation Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 19/60] json: Tighten and simplify qstring_from_escaped_str()'s loop Markus Armbruster
2018-08-17 16:26 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 20/60] check-qjson: Document we expect invalid UTF-8 to be rejected Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 21/60] json: Reject invalid UTF-8 sequences Markus Armbruster
2018-08-17 16:29 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 22/60] json: Report first rather than last parse error Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 23/60] json: Leave rejecting invalid UTF-8 to parser Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 24/60] json: Accept overlong \xC0\x80 as U+0000 ("modified UTF-8") Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 25/60] json: Leave rejecting invalid escape sequences to parser Markus Armbruster
2018-08-17 16:32 ` Eric Blake
2018-08-20 8:44 ` Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 26/60] json: Simplify parse_string() Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 27/60] json: Reject invalid \uXXXX, fix \u0000 Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 28/60] json: Fix \uXXXX for surrogate pairs Markus Armbruster
2018-08-17 16:36 ` Eric Blake
2018-08-20 8:40 ` Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 29/60] check-qjson: Fix and enable utf8_string()'s disabled part Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 30/60] json: remove useless return value from lexer/parser Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 31/60] json-parser: simplify and avoid JSONParserContext allocation Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 32/60] json: Have lexer call streamer directly Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 33/60] json: Redesign the callback to consume JSON values Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 34/60] json: Don't pass null @tokens to json_parser_parse() Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 35/60] json: Don't create JSON_ERROR tokens that won't be used Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 36/60] json: Rename token JSON_ESCAPE & friends to JSON_INTERPOL Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 37/60] json: Treat unwanted interpolation as lexical error Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 38/60] json: Pass lexical errors and limit violations to callback Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 39/60] json: Leave rejecting invalid interpolation to parser Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 40/60] json: Replace %I64d, %I64u by %PRId64, %PRIu64 Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 41/60] json: Nicer recovery from invalid leading zero Markus Armbruster
2018-08-17 16:03 ` Eric Blake
2018-08-20 11:39 ` Markus Armbruster
2018-08-20 18:36 ` Eric Blake
2018-08-21 5:10 ` Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 42/60] json: Improve names of lexer states related to numbers Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 43/60] qjson: Fix qobject_from_json() & friends for multiple values Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 44/60] json: Fix latent parser aborts at end of input Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 45/60] json: Fix streamer not to ignore trailing unterminated structures Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 46/60] json: Assert json_parser_parse() consumes all tokens on success Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 47/60] qjson: Have qobject_from_json() & friends reject empty and blank Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 48/60] json: Enforce token count and size limits more tightly Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 49/60] json: Streamline json_message_process_token() Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 50/60] json: Unbox tokens queue in JSONMessageParser Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 51/60] json: Eliminate lexer state IN_ERROR and pseudo-token JSON_MIN Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 52/60] json: Eliminate lexer state IN_WHITESPACE, pseudo-token JSON_SKIP Markus Armbruster
2018-08-17 16:07 ` Eric Blake
2018-08-20 11:51 ` Markus Armbruster
2018-08-20 18:38 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 53/60] json: Make JSONToken opaque outside json-parser.c Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 54/60] qobject: Drop superfluous includes of qemu-common.h Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 55/60] json: Clean up headers Markus Armbruster
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 56/60] docs/interop/qmp-spec: How to force known good parser state Markus Armbruster
2018-08-17 16:42 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 57/60] tests/drive_del-test: Fix harmless JSON interpolation bug Markus Armbruster
2018-08-17 16:43 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 58/60] json: Keep interpolation state in JSONParserContext Markus Armbruster
2018-08-17 18:09 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 59/60] json: Improve safety of qobject_from_jsonf_nofail() & friends Markus Armbruster
2018-08-17 18:14 ` Eric Blake
2018-08-17 15:05 ` [Qemu-devel] [PATCH v2 60/60] json: Support %% in JSON strings when interpolating Markus Armbruster
2018-08-17 18:18 ` Eric Blake
2018-08-18 10:02 ` [Qemu-devel] [PATCH v2 00/60] json: Fixes, error reporting improvements, cleanups no-reply
2018-08-20 8:31 ` Markus Armbruster
2018-08-20 8:42 ` Fam Zheng
2018-08-20 11:59 ` Markus Armbruster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180817150559.16243-18-armbru@redhat.com \
--to=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mdroth@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).