Google Git
Sign in
go / protobuf / 06a6b0bda8ad73902832d77e61214918aee65453^! / .
commit06a6b0bda8ad73902832d77e61214918aee65453[log] [tgz]
authorHerbie Ong <herbie@google.com>Wed Apr 24 21:15:45 2019 -0700
committerHerbie Ong <herbie@google.com>Mon Apr 29 20:44:00 2019 +0000
tree1a110d23712fbbe7c4eaf645bd7c42f2c55c88f2
parentad9c125737bae9606f67e0fd69766b38c86420b1 [diff]
encoding/jsonpb: fix parsing of number strings containing leading/trailing spaces

Per conformance tests, number strings that contain leading or trailing
spaces are not allowed.

https://github.com/protocolbuffers/protobuf/blob/3a3956e8a258784461270961c6577341356bce52/conformance/binary_json_conformance_suite.cc#L1196-L1203

Change-Id: Ifbe0e4ee125fac3c291b456eece541353025cdd4
Reviewed-on: https://go-review.googlesource.com/c/protobuf/+/173664
Reviewed-by: Joe Tsai <thebrokentoaster@gmail.com>

diff --git a/encoding/jsonpb/decode.go b/encoding/jsonpb/decode.go
index 4b46ffc..4b0d9bb 100644
--- a/encoding/jsonpb/decode.go
+++ b/encoding/jsonpb/decode.go

@@ -376,7 +376,11 @@
 
 	case json.String:
 		// Decode number from string.
-		dec := json.NewDecoder([]byte(jval.String()))
+		s := strings.TrimSpace(jval.String())
+		if len(s) != len(jval.String()) {
+			return pref.Value{}, errors.New("invalid number %v", jval.Raw())
+		}
+		dec := json.NewDecoder([]byte(s))
 		var nerr errors.NonFatal
 		jval, err := dec.Read()
 		if !nerr.Merge(err) {
@@ -405,7 +409,11 @@
 
 	case json.String:
 		// Decode number from string.
-		dec := json.NewDecoder([]byte(jval.String()))
+		s := strings.TrimSpace(jval.String())
+		if len(s) != len(jval.String()) {
+			return pref.Value{}, errors.New("invalid number %v", jval.Raw())
+		}
+		dec := json.NewDecoder([]byte(s))
 		var nerr errors.NonFatal
 		jval, err := dec.Read()
 		if !nerr.Merge(err) {
@@ -452,6 +460,9 @@
 			return pref.ValueOf(math.Inf(-1)), nil
 		}
 		// Decode number from string.
+		if len(s) != len(strings.TrimSpace(s)) {
+			return pref.Value{}, errors.New("invalid number %v", jval.Raw())
+		}
 		dec := json.NewDecoder([]byte(s))
 		var nerr errors.NonFatal
 		jval, err := dec.Read()

diff --git a/encoding/jsonpb/decode_test.go b/encoding/jsonpb/decode_test.go
index 9fb95d6..6226b07 100644
--- a/encoding/jsonpb/decode_test.go
+++ b/encoding/jsonpb/decode_test.go

@@ -253,6 +253,16 @@
 			SDouble: math.Inf(-1),
 		},
 	}, {
+		desc:         "float string with leading space",
+		inputMessage: &pb3.Scalars{},
+		inputText:    `{"sFloat": " 1.234"}`,
+		wantErr:      true,
+	}, {
+		desc:         "double string with trailing space",
+		inputMessage: &pb3.Scalars{},
+		inputText:    `{"sDouble": "5.678 "}`,
+		wantErr:      true,
+	}, {
 		desc:         "not float",
 		inputMessage: &pb3.Scalars{},
 		inputText:    `{"sFloat": true}`,
@@ -324,6 +334,16 @@
 			SInt32: 12,
 		},
 	}, {
+		desc:         "integer string with leading space",
+		inputMessage: &pb3.Scalars{},
+		inputText:    `{"sInt32": " 1234"}`,
+		wantErr:      true,
+	}, {
+		desc:         "integer string with trailing space",
+		inputMessage: &pb3.Scalars{},
+		inputText:    `{"sUint32": "1e2 "}`,
+		wantErr:      true,
+	}, {
 		desc:         "number is not an integer",
 		inputMessage: &pb3.Scalars{},
 		inputText:    `{"sInt32": 1.001}`,