[v8-dev] Treat leading zeros in JSON.parse correctly. (issue 11273075)

yangguo Mon, 29 Oct 2012 03:54:48 -0700

Reviewers: Toon Verwaest,

Description:
Treat leading zeros in JSON.parse correctly.



[email protected]
BUG=158185


Please review this at https://chromiumcodereview.appspot.com/11273075/

SVN Base: https://v8.googlecode.com/svn/branches/bleeding_edge

Affected files:
  M src/json-parser.h
  A + test/mjsunit/regress/regress-crbug-158185.js


Index: src/json-parser.h
diff --git a/src/json-parser.h b/src/json-parser.h

indexd481ed02b6744a827a98185106d560170e36ea12..60cb786d03fbcd9a7aa8ba831927252680243424100644

--- a/src/json-parser.h
+++ b/src/json-parser.h

@@ -304,45 +304,56 @@ Handle<Object>JsonParser<seq_ascii>::ParseJsonObject() {

       Advance();

       uint32_t index = 0;
-      while (c0_ >= '0' && c0_ <= '9') {
-        int d = c0_ - '0';
-        if (index > 429496729U - ((d > 5) ? 1 : 0)) break;
-        index = (index * 10) + d;
-        Advance();
-      }
+      if (c0_ >= '0' && c0_ <= '9') {
+        // Maybe an array index, try to parse it.
+        if (c0_ == '0') {

+ // With a leading zero, the string has to be "0" only to be anindex.

+          Advance();
+        } else {
+          do {
+            int d = c0_ - '0';
+            if (index > 429496729U - ((d > 5) ? 1 : 0)) break;
+            index = (index * 10) + d;
+            Advance();
+          } while (c0_ >= '0' && c0_ <= '9');
+        }

-      if (position_ != start_position + 1 && c0_ == '"') {
-        AdvanceSkipWhitespace();
+        if (position_ != start_position + 1 && c0_ == '"') {
+          // Successfully parsed index, parse and store element.
+          AdvanceSkipWhitespace();

-        if (c0_ != ':') return ReportUnexpectedCharacter();
-        AdvanceSkipWhitespace();
-        Handle<Object> value = ParseJsonValue();
-        if (value.is_null()) return ReportUnexpectedCharacter();
+          if (c0_ != ':') return ReportUnexpectedCharacter();
+          AdvanceSkipWhitespace();
+          Handle<Object> value = ParseJsonValue();
+          if (value.is_null()) return ReportUnexpectedCharacter();

-        JSObject::SetOwnElement(json_object, index, value, kNonStrictMode);
-      } else {
-        position_ = start_position;

+ JSObject::SetOwnElement(json_object, index, value,kNonStrictMode);

+          continue;
+        }
+        // Not an index, fallback to the slow path.
+      }
+
+      position_ = start_position;
 #ifdef DEBUG
-        c0_ = '"';
+      c0_ = '"';
 #endif

-        Handle<String> key = ParseJsonSymbol();

- if (key.is_null() || c0_ != ':') returnReportUnexpectedCharacter();

+      Handle<String> key = ParseJsonSymbol();
+      if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter();

-        AdvanceSkipWhitespace();
-        Handle<Object> value = ParseJsonValue();
-        if (value.is_null()) return ReportUnexpectedCharacter();
+      AdvanceSkipWhitespace();
+      Handle<Object> value = ParseJsonValue();
+      if (value.is_null()) return ReportUnexpectedCharacter();

-        if (key->Equals(isolate()->heap()->Proto_symbol())) {
-          prototype = value;
+      if (key->Equals(isolate()->heap()->Proto_symbol())) {
+        prototype = value;
+      } else {
+        if (JSObject::TryTransitionToField(json_object, key)) {
+          int index = json_object->LastAddedFieldIndex();
+          json_object->FastPropertyAtPut(index, *value);
         } else {
-          if (JSObject::TryTransitionToField(json_object, key)) {
-            int index = json_object->LastAddedFieldIndex();
-            json_object->FastPropertyAtPut(index, *value);
-          } else {
-            JSObject::SetLocalPropertyIgnoreAttributes(
-                json_object, key, value, NONE);
-          }
+          JSObject::SetLocalPropertyIgnoreAttributes(
+              json_object, key, value, NONE);
         }
       }
     } while (MatchSkipWhiteSpace(','));
Index: test/mjsunit/regress/regress-crbug-158185.js

diff --git a/test/mjsunit/regress/regress-crbug-142087.jsb/test/mjsunit/regress/regress-crbug-158185.js

similarity index 78%
copy from test/mjsunit/regress/regress-crbug-142087.js
copy to test/mjsunit/regress/regress-crbug-158185.js

index881ca60fba3d86827bb681c771fe10b9e06fa96c..99f19c72fd4f903096918073fe70bcfe99b21a9b100644

--- a/test/mjsunit/regress/regress-crbug-142087.js
+++ b/test/mjsunit/regress/regress-crbug-158185.js
@@ -25,14 +25,15 @@
 // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

-var string = "What are you looking for?";
+assertEquals("0023456",
+             Object.keys(JSON.parse('{"0023456": 1}'))[0]);
+assertEquals("1234567890123",
+             Object.keys(JSON.parse('{"1234567890123": 1}'))[0]);
+assertEquals("123456789ABCD",
+             Object.keys(JSON.parse('{"123456789ABCD": 1}'))[0]);
+assertEquals("12A",
+             Object.keys(JSON.parse('{"12A": 1}'))[0]);

-var expected_match = [""];
-for (var i = 0; i < string.length; i++) {
-  expected_match.push("");
-}
+assertEquals(1, JSON.parse('{"0":1}')[0]);
+assertEquals(undefined, JSON.parse('{"00":1}')[0]);

-string.replace(/(_)|(_|)/g, "");
-assertArrayEquals(expected_match, string.match(/(_)|(_|)/g, ""));
-
-'***************************************'.match(/((\\)|(\*)|(\$))/g, ".");


--
v8-dev mailing list
[email protected]
http://groups.google.com/group/v8-dev

[v8-dev] Treat leading zeros in JSON.parse correctly. (issue 11273075)

Reply via email to