[skjson] Catch end-of-stream for unbalanced scopes
The input is not guaranteed to contain well-formed scopes, so it's not
sufficient to check for end-of-stream only when popping the top-level
scope -- we have to check on every scope pop.
Bug: oss-fuzz:8898
Change-Id: I7399a8872187ec6714672cac2ff8fc7fbf3c2dfe
Reviewed-on: https://skia-review.googlesource.com/135059
Reviewed-by: Kevin Lubick <kjlubick@google.com>
Reviewed-by: Mike Klein <mtklein@google.com>
Commit-Queue: Florin Malita <fmalita@chromium.org>
diff --git a/modules/skjson/src/SkJSON.cpp b/modules/skjson/src/SkJSON.cpp
index 7f082d7..d423715 100644
--- a/modules/skjson/src/SkJSON.cpp
+++ b/modules/skjson/src/SkJSON.cpp
@@ -355,6 +355,10 @@
: this->error(NullValue(), p + 1, "trailing root garbage");
}
+ if (p == p_stop) {
+ return this->error(NullValue(), p, "unexpected end-of-input");
+ }
+
++p;
goto match_post_value;
diff --git a/modules/skjson/src/SkJSONTest.cpp b/modules/skjson/src/SkJSONTest.cpp
index 91ae497..1aaa278 100644
--- a/modules/skjson/src/SkJSONTest.cpp
+++ b/modules/skjson/src/SkJSONTest.cpp
@@ -49,6 +49,7 @@
{ "[ \"foo" , nullptr },
{ "[ \"fo\0o\" ]" , nullptr },
+ { "{\"\":{}" , nullptr },
{ "{ null }" , nullptr },
{ "{ \"k\" : }" , nullptr },
{ "{ : null }" , nullptr },