diff options
author | m-holger <m-holger@kubitscheck.org> | 2023-01-29 12:39:15 +0100 |
---|---|---|
committer | m-holger <m-holger@kubitscheck.org> | 2023-02-04 15:55:49 +0100 |
commit | 5ac6a12e0a76613d29edc65beb6b99af45172493 (patch) | |
tree | be3b45e33c5603f32e004d2d412a7be95016b434 /libqpdf | |
parent | 1b89e7684edc7af2ad4ae998bba41b40f8780c3f (diff) | |
download | qpdf-5ac6a12e0a76613d29edc65beb6b99af45172493.tar.zst |
In JSONParser::getToken reject illegal control characters
Diffstat (limited to 'libqpdf')
-rw-r--r-- | libqpdf/JSON.cc | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc index b972d8aa..da0de9eb 100644 --- a/libqpdf/JSON.cc +++ b/libqpdf/JSON.cc @@ -780,10 +780,22 @@ JSONParser::getToken() } } - if (*p == 0) { - QTC::TC("libtests", "JSON parse null character"); - throw std::runtime_error( - "JSON: null character at offset " + std::to_string(offset)); + if ((*p < 32 && *p >= 0)) { + if (*p == '\t' || *p == '\n' || *p == '\r') { + // Legal white space not permitted in strings. This will always + // end the current token (unless we are still before the start + // of the token). + if (lex_state == ls_top) { + // Continue with token + } else { + // done + } + } else { + QTC::TC("libtests", "JSON parse null character"); + throw std::runtime_error( + "JSON: control or null character at offset " + + std::to_string(offset)); + } } action = append; switch (lex_state) { |