diff options
| author | drh <> | 2023-12-04 18:53:10 +0000 |
|---|---|---|
| committer | drh <> | 2023-12-04 18:53:10 +0000 |
| commit | 3fedb7e59e6a5208f006cad5e02be79abdd2e759 (patch) | |
| tree | 6f873d19962dd207c2829fca070e524a983dfe7c /src | |
| parent | 9c794b9bff393410d9efbd4d43cb5540ed534531 (diff) | |
| download | sqlite-3fedb7e59e6a5208f006cad5e02be79abdd2e759.tar.gz sqlite-3fedb7e59e6a5208f006cad5e02be79abdd2e759.zip | |
Fix errors in rendering JSON5 escape sequences embedded in JSONB.
FossilOrigin-Name: f1a51ae3863557526a51c6e98e71fcdf4f1ed14a36212b3c90f7408f926345e4
Diffstat (limited to 'src')
| -rw-r--r-- | src/json.c | 12 |
1 files changed, 8 insertions, 4 deletions
diff --git a/src/json.c b/src/json.c index dc884b9fd..aefd47498 100644 --- a/src/json.c +++ b/src/json.c @@ -2401,7 +2401,10 @@ static void jsonReturnFromBlob( sqlite3 *db = sqlite3_context_db_handle(pCtx); n = jsonbPayloadSize(pParse, i, &sz); - if( n==0 ) return; + if( n==0 ){ + sqlite3_result_error(pCtx, "malformed JSON", -1); + return; + } switch( pParse->aBlob[i] & 0x0f ){ case JSONB_NULL: { sqlite3_result_null(pCtx); @@ -2483,7 +2486,7 @@ static void jsonReturnFromBlob( }else{ u32 vlo; if( (v&0xfc00)==0xd800 - && i<n-6 + && iIn<sz-6 && z[iIn+1]=='\\' && z[iIn+2]=='u' && ((vlo = jsonHexToInt4(z+iIn+3))&0xfc00)==0xdc00 @@ -2525,8 +2528,9 @@ static void jsonReturnFromBlob( iIn++; continue; }else if( 0xe2==(u8)c - && 0x80==(u8)z[i+1] - && (0xa8==(u8)z[i+2] || 0xa9==(u8)z[i+2]) + && iIn<sz-2 + && 0x80==(u8)z[iIn+1] + && (0xa8==(u8)z[iIn+2] || 0xa9==(u8)z[iIn+2]) ){ iIn += 2; continue; |