|
 |
5b195c |
diff -up simplejson-3.2.0/simplejson/_speedups.c.ms simplejson-3.2.0/simplejson/_speedups.c
|
|
|
5b195c |
--- simplejson-3.2.0/simplejson/_speedups.c.ms 2015-05-18 11:40:07.477164704 +0200
|
|
|
5b195c |
+++ simplejson-3.2.0/simplejson/_speedups.c 2015-05-18 11:40:10.415183894 +0200
|
|
|
5b195c |
@@ -2166,7 +2166,7 @@ scan_once_str(PyScannerObject *s, PyObje
|
|
|
5b195c |
Py_ssize_t length = PyString_GET_SIZE(pystr);
|
|
|
5b195c |
PyObject *rval = NULL;
|
|
|
5b195c |
int fallthrough = 0;
|
|
|
5b195c |
- if (idx >= length) {
|
|
|
5b195c |
+ if (idx < 0 || idx >= length) {
|
|
|
5b195c |
raise_errmsg(ERR_EXPECTING_VALUE, pystr, idx);
|
|
|
5b195c |
return NULL;
|
|
|
5b195c |
}
|
|
|
5b195c |
@@ -2274,7 +2274,7 @@ scan_once_unicode(PyScannerObject *s, Py
|
|
|
5b195c |
Py_ssize_t length = PyUnicode_GetLength(pystr);
|
|
|
5b195c |
PyObject *rval = NULL;
|
|
|
5b195c |
int fallthrough = 0;
|
|
|
5b195c |
- if (idx >= length) {
|
|
|
5b195c |
+ if (idx < 0 || idx >= length) {
|
|
|
5b195c |
raise_errmsg(ERR_EXPECTING_VALUE, pystr, idx);
|
|
|
5b195c |
return NULL;
|
|
|
5b195c |
}
|
|
|
5b195c |
diff --git a/simplejson/decoder.py b/simplejson/decoder.py
|
|
|
5b195c |
index 38cb027..1a6c5d9 100644
|
|
|
5b195c |
--- a/simplejson/decoder.py
|
|
|
5b195c |
+++ b/simplejson/decoder.py
|
|
|
5b195c |
@@ -384,6 +384,10 @@ def raw_decode(self, s, idx=0, _w=WHITESPACE.match, _PY3=PY3):
|
|
|
5b195c |
have extraneous data at the end.
|
|
|
5b195c |
|
|
|
5b195c |
"""
|
|
|
5b195c |
+ if idx < 0:
|
|
|
5b195c |
+ # Ensure that raw_decode bails on negative indexes, the regex
|
|
|
5b195c |
+ # would otherwise mask this behavior. #98
|
|
|
5b195c |
+ raise JSONDecodeError('Expecting value', s, idx)
|
|
|
5b195c |
if _PY3 and not isinstance(s, text_type):
|
|
|
5b195c |
raise TypeError("Input string must be text, not bytes")
|
|
|
5b195c |
return self.scan_once(s, idx=_w(s, idx).end())
|
|
|
5b195c |
diff --git a/simplejson/scanner.py b/simplejson/scanner.py
|
|
|
5b195c |
index b7918b3..5abed35 100644
|
|
|
5b195c |
--- a/simplejson/scanner.py
|
|
|
5b195c |
+++ b/simplejson/scanner.py
|
|
|
5b195c |
@@ -118,6 +118,11 @@ def _scan_once(string, idx):
|
|
|
5b195c |
raise JSONDecodeError(errmsg, string, idx)
|
|
|
5b195c |
|
|
|
5b195c |
def scan_once(string, idx):
|
|
|
5b195c |
+ if idx < 0:
|
|
|
5b195c |
+ # Ensure the same behavior as the C speedup, otherwise
|
|
|
5b195c |
+ # this would work for *some* negative string indices due
|
|
|
5b195c |
+ # to the behavior of __getitem__ for strings. #98
|
|
|
5b195c |
+ raise JSONDecodeError('Expecting value', string, idx)
|
|
|
5b195c |
try:
|
|
|
5b195c |
return _scan_once(string, idx)
|
|
|
5b195c |
finally:
|
|
|
5b195c |
diff --git a/simplejson/tests/test_decode.py b/simplejson/tests/test_decode.py
|
|
|
5b195c |
index ea5c90a..30b692a 100644
|
|
|
5b195c |
--- a/simplejson/tests/test_decode.py
|
|
|
5b195c |
+++ b/simplejson/tests/test_decode.py
|
|
|
5b195c |
@@ -86,3 +86,14 @@ def test_raw_decode(self):
|
|
|
5b195c |
self.assertEqual(
|
|
|
5b195c |
({'a': {}}, 11),
|
|
|
5b195c |
cls().raw_decode(" \n{\"a\": {}}"))
|
|
|
5b195c |
+
|
|
|
5b195c |
+ def test_bounds_checking(self):
|
|
|
5b195c |
+ # https://github.com/simplejson/simplejson/issues/98
|
|
|
5b195c |
+ j = json.decoder.JSONDecoder()
|
|
|
5b195c |
+ for i in [4, 5, 6, -1, -2, -3, -4, -5, -6]:
|
|
|
5b195c |
+ self.assertRaises(ValueError, j.scan_once, '1234', i)
|
|
|
5b195c |
+ self.assertRaises(ValueError, j.raw_decode, '1234', i)
|
|
|
5b195c |
+ x, y = sorted(['128931233', '472389423'], key=id)
|
|
|
5b195c |
+ diff = id(x) - id(y)
|
|
|
5b195c |
+ self.assertRaises(ValueError, j.scan_once, y, diff)
|
|
|
5b195c |
+ self.assertRaises(ValueError, j.raw_decode, y, i)
|