From 3eb77a700434ed6d9b51e326fa4d49c530fcd473 Mon Sep 17 00:00:00 2001
From: Jay Berkenbilt
Date: Fri, 20 May 2022 09:57:30 -0400
Subject: JSON: detect duplicate dictionary keys while parsing
---
 libqpdf/JSON.cc | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)
(limited to 'libqpdf/JSON.cc')
diff --git a/libqpdf/JSON.cc b/libqpdf/JSON.cc
index 3072a58b..3d0870af 100644
--- a/libqpdf/JSON.cc
+++ b/libqpdf/JSON.cc
@@ -274,6 +274,21 @@ JSON::addDictionaryMember(std::string const& key, JSON const& val)
 return obj->members[encode_string(key)];
 }
+bool
+JSON::checkDictionaryKeySeen(std::string const& key)
+{
+ JSON_dictionary* obj = dynamic_cast(this->m->value.get());
+ if (0 == obj) {
+ throw std::logic_error(
+ "JSON::checkDictionaryKey called on non-dictionary");
+ }
+ if (obj->parsed_keys.count(key)) {
+ return true;
+ }
+ obj->parsed_keys.insert(key);
+ return false;
+}
+
 JSON
 JSON::makeArray()
 {
@@ -565,7 +580,8 @@ namespace
 u_count(0),
 offset(0),
 done(false),
- parser_state(ps_top)
+ parser_state(ps_top),
+ dict_key_offset(0)
 {
 }
@@ -625,6 +641,7 @@ namespace
 std::vector> stack;
 std::vector ps_stack;
 std::string dict_key;
+ size_t dict_key_offset;
 };
 } // namespace
@@ -1201,11 +1218,18 @@ JSONParser::handleToken()
 case ps_dict_begin:
 case ps_dict_after_comma:
 this->dict_key = s_value;
+ this->dict_key_offset = item->getStart();
 item = nullptr;
 next_state = ps_dict_after_key;
 break;
 case ps_dict_after_colon:
+ if (tos->checkDictionaryKeySeen(dict_key)) {
+ QTC::TC("libtests", "JSON parse duplicate key");
+ throw std::runtime_error(
+ "JSON: offset " + QUtil::uint_to_string(dict_key_offset) +
+ ": duplicated dictionary key");
+ }
 if (!reactor || !reactor->dictionaryItem(dict_key, *item)) {
 tos->addDictionaryMember(dict_key, *item);
 }
-- cgit v1.2.3-54-g00ecf
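Review bot: The `std::logic_error` text in the new `checkDictionaryKeySeen` names a different function, so a stack-less report will point at a method that does not exist; it should read `"JSON::checkDictionaryKeySeen called on non-dictionary"`. The null test `0 == obj` would be clearer as `obj == nullptr`, matching the `nullptr` used in `handleToken`. Assuming `parsed_keys` is a `std::set`-like container (its declaration is outside this diff), the `count` followed by `insert` can be a single lookup: `return !obj->parsed_keys.insert(key).second;`. The function also deserves a short comment stating that it compares the key exactly as passed, whereas `addDictionaryMember` stores under `encode_string(key)`, so callers must always pass the same decoded form for the duplicate check to be reliable.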
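Review bot: In the `ps_dict_after_colon` case, `checkDictionaryKeySeen` records every key in `parsed_keys` before the reactor is consulted, so keys are retained even when `reactor->dictionaryItem` returns true and the item is never added via `addDictionaryMember`. For large or untrusted input parsed through a reactor, memory therefore still grows with the number of keys in each dictionary. If that is the intended trade-off, record it with a comment such as `// keys are tracked even when the reactor consumes the item, so duplicates are always rejected`. As far as this hunk shows, the duplicate is also reported only once its value has been handled, although `dict_key` is already known in the `ps_dict_begin`/`ps_dict_after_comma` case; checking there would reject bad input earlier. The body of `handleToken` extends beyond the hunk.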