Prevent infinite looping in GetString on certain malformed strings (#167)

Bridget Lane · buger · commit 9a982e5282f3 · 2019-10-04T14:46:47.000+03:00
diff --git a/parser.go b/parser.go
@@ -333,6 +333,8 @@ func searchKeys(data []byte, keys ...string) int {
 					i += arraySkip - 1
 				}
 			}
+		case ':': // If encountered, JSON data is malformed
+			return -1
 		}
 
 		i++
diff --git a/parser_test.go b/parser_test.go
@@ -886,6 +886,20 @@ var getStringTests = []GetTest{
 		isFound: true,
 		data:    "value\b\f\n\r\tvalue", // value is unescaped since this is GetString()
 	},
+	{ // This test checks we avoid an infinite loop for certain malformed JSON. We don't check for all malformed JSON as it would reduce performance.
+		desc: `malformed with double quotes`,
+		json: `{"a"":1}`,
+		path: []string{"a"},
+		isFound: false,
+		data: ``,
+	},
+	{ // More malformed JSON testing, to be sure we avoid an infinite loop.
+		desc: `malformed with double quotes, and path does not exist`,
+		json: `{"z":123,"y":{"x":7,"w":0},"v":{"u":"t","s":"r","q":0,"p":1558051800},"a":"b","c":"2016-11-02T20:10:11Z","d":"e","f":"g","h":{"i":"j""},"k":{"l":"m"}}`,
+		path: []string{"o"},
+		isFound: false,
+		data: ``,
+	},
 }
 
 var getBoolTests = []GetTest{

Original file line number	Diff line number	Diff line change
`@@ -333,6 +333,8 @@ func searchKeys(data []byte, keys ...string) int {`
`333`	`333`	`i += arraySkip - 1`
`334`	`334`	`}`
`335`	`335`	`}`
	`336`	`+ case ':': // If encountered, JSON data is malformed`
	`337`	`+ return -1`
`336`	`338`	`}`
`337`	`339`
`338`	`340`	`i++`