author | drh <> | 2023-12-03 11:54:39 +0000 |
---|---|---|
committer | drh <> | 2023-12-03 11:54:39 +0000 |
commit | 78fa0186b822e137d6d6e157a28cbcad67275cdb (patch) | |
tree | bbdc3e8ba3a165f9f65213d9b8a34b1244406f62 /src | |
parent | eb18ae3089ac409ed7c0bd943a993ea8b357c2f5 (diff) | |
download | sqlite-78fa0186b822e137d6d6e157a28cbcad67275cdb.tar.gz sqlite-78fa0186b822e137d6d6e157a28cbcad67275cdb.zip |
Do not let bad hexadecimal digits in malformed JSONB cause an assertion fault.
FossilOrigin-Name: 8dec1ba1e5076ff596756e00c1e2ada0245f168a503dd1cadadf848331acfac3
Diffstat (limited to 'src')
-rw-r--r-- | src/json.c | 26 |
1 files changed, 21 insertions, 5 deletions
diff --git a/src/json.c b/src/json.c
index a35306b62..0668ff6da 100644
--- a/src/json.c
+++ b/src/json.c
@@ -818,14 +818,30 @@ static void jsonParseFree(JsonParse *pParse){
 }
 
 /*
+** Translate a single byte of Hex into an integer.
+** This routine only gives a correct answer if h really is a valid hexadecimal
+** character: 0..9a..fA..F. But unlike sqlite3HexToInt(), it does not
+** assert() if the digit is not hex.
+*/
+static u8 jsonHexToInt(int h){
+#ifdef SQLITE_ASCII
+ h += 9*(1&(h>>6));
+#endif
+#ifdef SQLITE_EBCDIC
+ h += 9*(1&~(h>>4));
+#endif
+ return (u8)(h & 0xf);
+}
+
+/*
 ** Convert a 4-byte hex string into an integer
 */
 static u32 jsonHexToInt4(const char *z){
 u32 v;
- v = (sqlite3HexToInt(z[0])<<12)
- + (sqlite3HexToInt(z[1])<<8)
- + (sqlite3HexToInt(z[2])<<4)
- + sqlite3HexToInt(z[3]);
+ v = (jsonHexToInt(z[0])<<12)
+ + (jsonHexToInt(z[1])<<8)
+ + (jsonHexToInt(z[2])<<4)
+ + jsonHexToInt(z[3]);
 return v;
 }
 
@@ -2524,7 +2540,7 @@ static void jsonReturnFromBlob(
 }else if( c=='0' ){
 c = 0;
 }else if( c=='x' ){
- c = (sqlite3HexToInt(z[iIn+1])<<4) | sqlite3HexToInt(z[iIn+2]);
+ c = (jsonHexToInt(z[iIn+1])<<4) | jsonHexToInt(z[iIn+2]);
 iIn += 2;
 }else if( c=='\r' && z[i+1]=='\n' ){
 iIn++; |
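Review bot: The header comment on `jsonHexToInt4()` is left as "Convert a 4-byte hex string into an integer", but its contract changed: a non-hex byte no longer trips an assert, it is folded into some value 0..15 and returned as part of a plausible-looking code point. The comment should say so, for example `** The caller must ensure z[0..3] are readable hex digits; for any other bytes the result is an arbitrary value, not an error.` A smaller point in the same function: `z[n]` is a plain `char`, so on signed-char builds a byte of 0x80 or above reaches `h>>6` as a negative int. The mask keeps the result in range, but passing `(u8)z[0]` and so on would make the helper independent of how the platform shifts negative values.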
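Review bot: Nothing visible in this hunk checks that `z[iIn+1]` and `z[iIn+2]` are inside the text payload or are hex digits before the `\x` escape is decoded. With `jsonHexToInt()` accepting any byte, a malformed JSONB blob that ends right after `\x` would have the following bytes read and turned into an output character instead of being rejected. The loop bound and the rest of `jsonReturnFromBlob()` are outside the hunk, so this may be handled elsewhere; if it is not, a guard before the decode such as `if( !sqlite3Isxdigit(z[iIn+1]) || !sqlite3Isxdigit(z[iIn+2]) ){ /* treat as malformed JSONB */ }`, together with a length check against the payload size, would close it. Separately, the context line `z[i+1]=='\n'` indexes with `i` while every neighbouring access uses `iIn`, which looks like it may be a typo worth confirming.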