diff --git a/src/pack_unpack.c b/src/pack_unpack.c index eb15b17..5001764 100644 --- a/src/pack_unpack.c +++ b/src/pack_unpack.c @@ -9,6 +9,7 @@ #include #include #include "jansson_private.h" +#include "utf.h" typedef struct { const char *start; @@ -110,13 +111,18 @@ static json_t *pack_object(scanner_t *s, va_list *ap) goto error; } + if(!utf8_check_string(key, -1)) { + set_error(s, "", "Invalid UTF-8 in object key"); + goto error; + } + next_token(s); value = pack(s, ap); if(!value) goto error; - if(json_object_set_new(object, key, value)) { + if(json_object_set_new_nocheck(object, key, value)) { set_error(s, "", "Unable to add key \"%s\"", key); goto error; } @@ -178,7 +184,11 @@ static json_t *pack(scanner_t *s, va_list *ap) set_error(s, "", "NULL string argument"); return NULL; } - return json_string(str); + if(!utf8_check_string(str, -1)) { + set_error(s, "", "Invalid UTF-8 string"); + return NULL; + } + return json_string_nocheck(str); } case 'n': /* null */ diff --git a/test/suites/api/test_pack.c b/test/suites/api/test_pack.c index add5841..ccab051 100644 --- a/test/suites/api/test_pack.c +++ b/test/suites/api/test_pack.c @@ -208,14 +208,25 @@ int main() fail("json_pack failed to catch object as key"); check_error("Expected format 's', got '{'", "", 1, 3, 3); - + /* Complex object */ if(json_pack_ex(&error, 0, "{ s: {}, s:[ii{} }", "foo", "bar", 12, 13)) fail("json_pack failed to catch missing ]"); check_error("Unexpected format character '}'", "", 1, 19, 19); + /* Complex array */ if(json_pack_ex(&error, 0, "[[[[[ [[[[[ [[[[ }]]]] ]]]] ]]]]]")) fail("json_pack failed to catch extra }"); check_error("Unexpected format character '}'", "", 1, 21, 21); + /* Invalid UTF-8 in object key */ + if(json_pack_ex(&error, 0, "{s:i}", "\xff\xff", 42)) + fail("json_pack failed to catch invalid UTF-8 in an object key"); + check_error("Invalid UTF-8 in object key", "", 1, 2, 2); + + /* Invalid UTF-8 in a string */ + if(json_pack_ex(&error, 0, "{s:s}", "foo", "\xff\xff")) + fail("json_pack failed to catch invalid UTF-8 in a string"); + check_error("Invalid UTF-8 string", "", 1, 4, 4); + return 0; }