Fix undefined behavior in json.c (Bug#42113)

* src/json.c (lisp_to_json_toplevel_1, Fjson_parse_string): Check
whether input strings are actually strings.

* test/src/json-tests.el (json-parse-string/wrong-type)
(json-serialize/wrong-hash-key-type): New regression tests.

diff --git a/src/json.c b/src/json.c
index 2e50ce514fdc258802eec147dee522dfba7a4b5f..4648cb4c3b71b6379e8e9af7a269ba1f3da8d9d5 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -365,6 +365,7 @@ lisp_to_json_toplevel_1 (Lisp_Object lisp,
           Lisp_Object key = HASH_KEY (h, i);
           if (!EQ (key, Qunbound))
             {
+              CHECK_STRING (key);
               Lisp_Object ekey = json_encode (key);
               /* We can't specify the length, so the string must be
                NUL-terminated.  */
@@ -975,6 +976,7 @@ usage: (json-parse-string STRING &rest ARGS) */)
 #endif
 
   Lisp_Object string = args[0];
+  CHECK_STRING (string);
   Lisp_Object encoded = json_encode (string);
   check_string_without_embedded_nuls (encoded);
   struct json_configuration conf =

diff --git a/test/src/json-tests.el b/test/src/json-tests.el
index 7eeef8851980ae309b137b5bb0ceed6e62eec03f..028f92f29d38b27c20a4f6a165c4ac54567afd75 100644 (file)
--- a/test/src/json-tests.el
+++ b/test/src/json-tests.el
@@ -296,5 +296,17 @@ Test with both unibyte and multibyte strings."
                          (1+ most-positive-fixnum)
                          (1- most-negative-fixnum)))))
 
+(ert-deftest json-parse-string/wrong-type ()
+  "Check that Bug#42113 is fixed."
+  (skip-unless (fboundp 'json-parse-string))
+  (should-error (json-parse-string 1) :type 'wrong-type-argument))
+
+(ert-deftest json-serialize/wrong-hash-key-type ()
+  "Check that Bug#42113 is fixed."
+  (skip-unless (fboundp 'json-serialize))
+  (let ((table (make-hash-table :test #'eq)))
+    (puthash 1 2 table)
+    (should-error (json-serialize table) :type 'wrong-type-argument)))
+
 (provide 'json-tests)
 ;;; json-tests.el ends here