php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Return to Bug #68546
Patch json-0 revision 2015-05-28 00:54 UTC by cmb@php.net

Patch json-0 for JSON related Bug #68546

Patch version 2015-05-28 00:54 UTC

Return to Bug #68546 | Download this patch
Patch Revisions:

Developer: cmb@php.net

 ext/json/JSON_parser.c       |  6 ++++++
 ext/json/tests/bug68546.phpt | 14 ++++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/ext/json/JSON_parser.c b/ext/json/JSON_parser.c
index dd832a7..6e5cb08 100644
--- a/ext/json/JSON_parser.c
+++ b/ext/json/JSON_parser.c
@@ -550,6 +550,12 @@ parse_JSON_ex(JSON_parser jp, zval *z, unsigned short utf16_json[], int length,
                     json_create_zval(&mval, &buf, type, options);
 
                     if (!assoc) {
+			/* don't allow a property starting with \0 */
+			if (key.len > 0 && *key.c == 0) {
+			    FREE_BUFFERS();
+			    jp->error_code = PHP_JSON_ERROR_CTRL_CHAR;
+			    return false;
+			}
                         add_property_zval_ex(jp->the_zstack[jp->top], (key.len ? key.c : "_empty_"), (key.len ? (key.len + 1) : sizeof("_empty_")), mval TSRMLS_CC);
                         Z_DELREF_P(mval);
                     } else {
diff --git a/ext/json/tests/bug68546.phpt b/ext/json/tests/bug68546.phpt
new file mode 100644
index 0000000..8a747d4
--- /dev/null
+++ b/ext/json/tests/bug68546.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Bug #68546 - json_decode() Fatal error: Cannot access property started with '\0'
+--SKIPIF--
+<?php
+if (!extension_loaded("json")) die("skip this test requires json"); ?>
+?>
+--FILE--
+<?php
+var_dump(json_decode('{"\u0000": 1}'));
+var_dump(json_last_error());
+?>
+--EXPECT--
+NULL
+int(3)
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Thu Mar 04 03:01:23 2021 UTC