In JSONParser::getToken reject illegal control characters

author: m-holger <m-holger@kubitscheck.org> 2023-01-29 12:39:15 +0100
committer: m-holger <m-holger@kubitscheck.org> 2023-02-04 15:55:49 +0100
commit: 5ac6a12e0a76613d29edc65beb6b99af45172493 (patch)
tree: be3b45e33c5603f32e004d2d412a7be95016b434 /libqpdf
parent: 1b89e7684edc7af2ad4ae998bba41b40f8780c3f (diff)
download: qpdf-5ac6a12e0a76613d29edc65beb6b99af45172493.tar.zst
1 files changed, 16 insertions, 4 deletions
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc
index b972d8aa..da0de9eb 100644
--- a/libqpdf/JSON.cc
+++ b/libqpdf/JSON.cc
@@ -780,10 +780,22 @@ JSONParser::getToken()
             }
         }
 
-        if (*p == 0) {
-            QTC::TC("libtests", "JSON parse null character");
-            throw std::runtime_error(
-                "JSON: null character at offset " + std::to_string(offset));
+        if ((*p < 32 && *p >= 0)) {
+            if (*p == '\t' || *p == '\n' || *p == '\r') {
+                // Legal white space not permitted in strings. This will always
+                // end the current token (unless we are still before the start
+                // of the token).
+                if (lex_state == ls_top) {
+                    // Continue with token
+                } else {
+                    // done
+                }
+            } else {
+                QTC::TC("libtests", "JSON parse null character");
+                throw std::runtime_error(
+                    "JSON: control or null character at offset " +
+                    std::to_string(offset));
+            }
         }
         action = append;
         switch (lex_state) {
author	m-holger <m-holger@kubitscheck.org>	2023-01-29 12:39:15 +0100
committer	m-holger <m-holger@kubitscheck.org>	2023-02-04 15:55:49 +0100
commit	5ac6a12e0a76613d29edc65beb6b99af45172493 (patch)
tree	be3b45e33c5603f32e004d2d412a7be95016b434 /libqpdf
parent	1b89e7684edc7af2ad4ae998bba41b40f8780c3f (diff)
download	qpdf-5ac6a12e0a76613d29edc65beb6b99af45172493.tar.zst