File: 41-JSON-2_1.patch

package info (click to toggle)
sqlite3 3.16.2-5+deb9u1
  • links: PTS
  • area: main
  • in suites: stretch
  • size: 88,416 kB
  • sloc: ansic: 195,593; tcl: 14,245; sh: 10,163; yacc: 1,246; makefile: 1,058; cs: 299; cpp: 128
file content (42 lines) | stat: -rw-r--r-- 1,588 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
Index: sqlite3/ext/misc/json1.c
==================================================================
--- sqlite3/ext/misc/json1.c
+++ sqlite3/ext/misc/json1.c
@@ -784,11 +784,11 @@
     /* Parse string */
     u8 jnFlags = 0;
     j = i+1;
     for(;;){
       c = z[j];
-      if( c==0 ) return -1;
+      if( c<=0x1f ) return -1;  /* Control characters not allowed in strings */
       if( c=='\\' ){
         c = z[++j];
         if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
            || c=='n' || c=='r' || c=='t'
            || (c=='u' && jsonIs4Hex(z+j+1)) ){

Index: sqlite3/test/json102.test
==================================================================
--- sqlite3/test/json102.test
+++ sqlite3/test/json102.test
@@ -316,7 +316,18 @@
 do_execsql_test json102-1408 { SELECT json_valid('{"x":-0.0000}') } 1
 do_execsql_test json102-1409 { SELECT json_valid('{"x":01.5}') } 0
 do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
 do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
 do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0
+
+#------------------------------------------------------------------------
+# 2017-04-10 ticket 6c9b5514077fed34551f98e64c09a10dc2fc8e16
+# JSON extension accepts strings containing control characters.
+#
+# The JSON spec requires that all control characters be escaped.
+#
+do_execsql_test json102-1500 {
+  WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<0x20)
+  SELECT x FROM c WHERE json_valid(printf('{"a":"x%sz"}', char(x))) ORDER BY x;
+} {32}
 
 finish_test