From c8a9e15a57886dbf3e51cd450bde8e0c4599bff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89amonn=20McManus?= Date: Tue, 1 Aug 2023 13:11:25 -0700 Subject: [PATCH 1/3] Don't skip past `\0` when parsing JSON objects. A better solution might be to use -1 instead 0 to represent EOF everywhere, which of course means changing `char` variables to `int`. The solution here is enough to solve the immediate problem, though. Fixes #758. --- src/main/java/org/json/JSONObject.java | 6 +++++- src/test/java/org/json/junit/JSONObjectTest.java | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/json/JSONObject.java b/src/main/java/org/json/JSONObject.java index 08eb8fd82..36f02d6c2 100644 --- a/src/main/java/org/json/JSONObject.java +++ b/src/main/java/org/json/JSONObject.java @@ -253,7 +253,11 @@ public JSONObject(JSONTokener x) throws JSONException { switch (x.nextClean()) { case ';': case ',': - if (x.nextClean() == '}') { + c = x.nextClean(); + if (c == 0) { + throw x.syntaxError("A JSONObject text must end with '}'"); + } + if (c == '}') { return; } x.back(); diff --git a/src/test/java/org/json/junit/JSONObjectTest.java b/src/test/java/org/json/junit/JSONObjectTest.java index ade552329..76c46ef19 100644 --- a/src/test/java/org/json/junit/JSONObjectTest.java +++ b/src/test/java/org/json/junit/JSONObjectTest.java @@ -2225,6 +2225,15 @@ public void jsonObjectParsingErrors() { "Expected a ',' or '}' at 15 [character 16 line 1]", e.getMessage()); } + try { + // \0 after , + String str = "{\"myKey\":true, \0\"myOtherKey\":false}"; + assertNull("Expected an exception",new JSONObject(str)); + } catch (JSONException e) { + assertEquals("Expecting an exception message", + "A JSONObject text must end with '}' at 15 [character 16 line 1]", + e.getMessage()); + } try { // append to wrong key String str = "{\"myKey\":true, \"myOtherKey\":false}"; From b6ff0db984a42550dabbef6d7fc9de2be4b56e0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89amonn=20McManus?= Date: Tue, 1 Aug 2023 13:49:59 -0700 Subject: [PATCH 2/3] Fix indentation in test. --- src/test/java/org/json/junit/JSONObjectTest.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/test/java/org/json/junit/JSONObjectTest.java b/src/test/java/org/json/junit/JSONObjectTest.java index 76c46ef19..e869a8d5c 100644 --- a/src/test/java/org/json/junit/JSONObjectTest.java +++ b/src/test/java/org/json/junit/JSONObjectTest.java @@ -2230,9 +2230,9 @@ public void jsonObjectParsingErrors() { String str = "{\"myKey\":true, \0\"myOtherKey\":false}"; assertNull("Expected an exception",new JSONObject(str)); } catch (JSONException e) { - assertEquals("Expecting an exception message", - "A JSONObject text must end with '}' at 15 [character 16 line 1]", - e.getMessage()); + assertEquals("Expecting an exception message", + "A JSONObject text must end with '}' at 15 [character 16 line 1]", + e.getMessage()); } try { // append to wrong key From 2a4bc3420acc10e30d99841279164d195d2a525e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89amonn=20McManus?= Date: Tue, 1 Aug 2023 14:38:45 -0700 Subject: [PATCH 3/3] Apply simplification suggested by @johnjaylward. --- src/main/java/org/json/JSONObject.java | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/json/JSONObject.java b/src/main/java/org/json/JSONObject.java index 36f02d6c2..5e00eb9a3 100644 --- a/src/main/java/org/json/JSONObject.java +++ b/src/main/java/org/json/JSONObject.java @@ -253,13 +253,12 @@ public JSONObject(JSONTokener x) throws JSONException { switch (x.nextClean()) { case ';': case ',': - c = x.nextClean(); - if (c == 0) { - throw x.syntaxError("A JSONObject text must end with '}'"); - } - if (c == '}') { + if (x.nextClean() == '}') { return; } + if (x.end()) { + throw x.syntaxError("A JSONObject text must end with '}'"); + } x.back(); break; case '}':