mirror of
https://github.com/sqlite/sqlite.git
synced 2025-11-09 14:21:03 +03:00
When backing out a character in a constructed string in JSON, first make sure
the string has not been reset by on OOM. dbsqlfuzz 2fffbea91a5376526ea118d4fe4188c8dd35e317. FossilOrigin-Name: 666690eb433fe38fa527ccbbb8e2c00041a33939da4f6b8bfb737d664f28f0d8
This commit is contained in:
drh
24
src/json.c
24
src/json.c
@@ -589,6 +589,16 @@ static void jsonAppendChar(JsonString *p, char c){
|
||||
}
|
||||
}
|
||||
|
||||
/* Remove a single character from the end of the string
|
||||
*/
|
||||
static void jsonStringTrimOneChar(JsonString *p){
|
||||
if( p->eErr==0 ){
|
||||
assert( p->nUsed>0 );
|
||||
p->nUsed--;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/* Make sure there is a zero terminator on p->zBuf[]
|
||||
**
|
||||
** Return true on success. Return false if an OOM prevents this
|
||||
@@ -596,7 +606,7 @@ static void jsonAppendChar(JsonString *p, char c){
|
||||
*/
|
||||
static int jsonStringTerminate(JsonString *p){
|
||||
jsonAppendChar(p, 0);
|
||||
p->nUsed--;
|
||||
jsonStringTrimOneChar(p);
|
||||
return p->eErr==0;
|
||||
}
|
||||
|
||||
@@ -2261,7 +2271,7 @@ static u32 jsonTranslateBlobToText(
|
||||
j = jsonTranslateBlobToText(pParse, j, pOut);
|
||||
jsonAppendChar(pOut, ',');
|
||||
}
|
||||
if( sz>0 ) pOut->nUsed--;
|
||||
if( sz>0 ) jsonStringTrimOneChar(pOut);
|
||||
jsonAppendChar(pOut, ']');
|
||||
break;
|
||||
}
|
||||
@@ -2275,7 +2285,7 @@ static u32 jsonTranslateBlobToText(
|
||||
jsonAppendChar(pOut, (x++ & 1) ? ',' : ':');
|
||||
}
|
||||
if( x & 1 ) pOut->eErr |= JSTRING_MALFORMED;
|
||||
if( sz>0 ) pOut->nUsed--;
|
||||
if( sz>0 ) jsonStringTrimOneChar(pOut);
|
||||
jsonAppendChar(pOut, '}');
|
||||
break;
|
||||
}
|
||||
@@ -4403,7 +4413,7 @@ static void jsonArrayCompute(sqlite3_context *ctx, int isFinal){
|
||||
if( isFinal ){
|
||||
if( !pStr->bStatic ) sqlite3RCStrUnref(pStr->zBuf);
|
||||
}else{
|
||||
pStr->nUsed--;
|
||||
jsonStringTrimOneChar(pStr);
|
||||
}
|
||||
return;
|
||||
}else if( isFinal ){
|
||||
@@ -4413,7 +4423,7 @@ static void jsonArrayCompute(sqlite3_context *ctx, int isFinal){
|
||||
pStr->bStatic = 1;
|
||||
}else{
|
||||
sqlite3_result_text(ctx, pStr->zBuf, (int)pStr->nUsed, SQLITE_TRANSIENT);
|
||||
pStr->nUsed--;
|
||||
jsonStringTrimOneChar(pStr);
|
||||
}
|
||||
}else{
|
||||
sqlite3_result_text(ctx, "[]", 2, SQLITE_STATIC);
|
||||
@@ -4523,7 +4533,7 @@ static void jsonObjectCompute(sqlite3_context *ctx, int isFinal){
|
||||
if( isFinal ){
|
||||
if( !pStr->bStatic ) sqlite3RCStrUnref(pStr->zBuf);
|
||||
}else{
|
||||
pStr->nUsed--;
|
||||
jsonStringTrimOneChar(pStr);
|
||||
}
|
||||
return;
|
||||
}else if( isFinal ){
|
||||
@@ -4533,7 +4543,7 @@ static void jsonObjectCompute(sqlite3_context *ctx, int isFinal){
|
||||
pStr->bStatic = 1;
|
||||
}else{
|
||||
sqlite3_result_text(ctx, pStr->zBuf, (int)pStr->nUsed, SQLITE_TRANSIENT);
|
||||
pStr->nUsed--;
|
||||
jsonStringTrimOneChar(pStr);
|
||||
}
|
||||
}else{
|
||||
sqlite3_result_text(ctx, "{}", 2, SQLITE_STATIC);
|
||||
|
||||
Reference in New Issue
Block a user