From c8a9e15a57886dbf3e51cd450bde8e0c4599bff3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89amonn=20McManus?= Date: Tue, 1 Aug 2023 13:11:25 -0700 Subject: [PATCH] Don't skip past `\0` when parsing JSON objects. A better solution might be to use -1 instead 0 to represent EOF everywhere, which of course means changing `char` variables to `int`. The solution here is enough to solve the immediate problem, though. Fixes #758. --- src/main/java/org/json/JSONObject.java | 6 +++++- src/test/java/org/json/junit/JSONObjectTest.java | 9 +++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/src/main/java/org/json/JSONObject.java b/src/main/java/org/json/JSONObject.java index 08eb8fd..36f02d6 100644 --- a/src/main/java/org/json/JSONObject.java +++ b/src/main/java/org/json/JSONObject.java @@ -253,7 +253,11 @@ public class JSONObject { switch (x.nextClean()) { case ';': case ',': - if (x.nextClean() == '}') { + c = x.nextClean(); + if (c == 0) { + throw x.syntaxError("A JSONObject text must end with '}'"); + } + if (c == '}') { return; } x.back(); diff --git a/src/test/java/org/json/junit/JSONObjectTest.java b/src/test/java/org/json/junit/JSONObjectTest.java index ade5523..76c46ef 100644 --- a/src/test/java/org/json/junit/JSONObjectTest.java +++ b/src/test/java/org/json/junit/JSONObjectTest.java @@ -2225,6 +2225,15 @@ public class JSONObjectTest { "Expected a ',' or '}' at 15 [character 16 line 1]", e.getMessage()); } + try { + // \0 after , + String str = "{\"myKey\":true, \0\"myOtherKey\":false}"; + assertNull("Expected an exception",new JSONObject(str)); + } catch (JSONException e) { + assertEquals("Expecting an exception message", + "A JSONObject text must end with '}' at 15 [character 16 line 1]", + e.getMessage()); + } try { // append to wrong key String str = "{\"myKey\":true, \"myOtherKey\":false}";