patch 8.2.1188: memory leak with invalid json input

Problem:    Memory leak with invalid json input.
Solution:   Free all keys at the end. (Dominique Pellé, closes #6443,
            closes #6442)

diff --git a/src/json.c b/src/json.c
index 8eb6680beab638f9821cdfb537fe167c5c71f502..c22864df10603ff10eb257b3c2bfbca7fd0539cf 100644 (file)
--- a/src/json.c
+++ b/src/json.c
@@ -594,6 +594,7 @@ typedef struct {
 json_decode_item(js_read_T *reader, typval_T *res, int options)
 {
     char_u     *p;
+    int                i;
     int                len;
     int                retval;
     garray_T   stack;
@@ -621,9 +622,6 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
            if (*p == NUL)
            {
                retval = MAYBE;
-               if (top_item->jd_type == JSON_OBJECT)
-                   // did get the key, clear it
-                   clear_tv(&top_item->jd_key_tv);
                goto theend;
            }
            if (top_item->jd_type == JSON_OBJECT_KEY
@@ -925,7 +923,6 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
                top_item->jd_key = tv_get_string_buf_chk(cur_item, key_buf);
                if (top_item->jd_key == NULL)
                {
-                   clear_tv(cur_item);
                    emsg(_(e_invarg));
                    retval = FAIL;
                    goto theend;
@@ -1001,7 +998,6 @@ item_end:
                {
                    semsg(_("E938: Duplicate key in JSON: \"%s\""),
                                                             top_item->jd_key);
-                   clear_tv(&top_item->jd_key_tv);
                    clear_tv(cur_item);
                    retval = FAIL;
                    goto theend;
@@ -1060,7 +1056,10 @@ item_end:
     semsg(_(e_json_error), p);
 
 theend:
+    for (i = 0; i < stack.ga_len; i++)
+       clear_tv(&(((json_dec_item_T *)stack.ga_data) + i)->jd_key_tv);
     ga_clear(&stack);
+
     return retval;
 }
 

diff --git a/src/testdir/test_json.vim b/src/testdir/test_json.vim
index c3b4382bd717e96f6aa80df38bfae7681e6ae04d..c619882953cc97c039336a06a9e7b2d5e196bf46 100644 (file)
--- a/src/testdir/test_json.vim
+++ b/src/testdir/test_json.vim
@@ -201,6 +201,8 @@ func Test_json_decode()
   call assert_fails('call json_decode("\"\\u111Z\"")', 'E491:')
   call assert_equal('[😂]', json_decode('"[\uD83D\uDE02]"'))
   call assert_equal('a😂b', json_decode('"a\uD83D\uDE02b"'))
+
+  call assert_fails('call json_decode("{\"\":{\"\":{")', 'E491:')
 endfunc
 
 let s:jsl5 = '[7,,,]'

diff --git a/src/version.c b/src/version.c
index d0067bf997f20ce6e0d5fff29fc346320627640e..eaca91f2c95155240090042091d6262c20cd1ab9 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1188,
 /**/
     1187,
 /**/