Fix an off-by-one error (really off-by-2 in this case) in the buffer

resize logic of json1.

FossilOrigin-Name: d2a027372a5a6efc0f9b6f605093d865ae1c6788

ext/misc/json1.c

@@ -239,12 +239,13 @@ static void jsonAppendString(JsonString *p, const char *zIn, u32 N){
   for(i=0; i<N; i++){
     char c = zIn[i];
     if( c=='"' || c=='\\' ){
-      if( (p->nUsed+N+1-i > p->nAlloc) && jsonGrow(p,N+1-i)!=0 ) return;
+      if( (p->nUsed+N+3-i > p->nAlloc) && jsonGrow(p,N+3-i)!=0 ) return;
       p->zBuf[p->nUsed++] = '\\';
     }
     p->zBuf[p->nUsed++] = c;
   }
   p->zBuf[p->nUsed++] = '"';
+  assert( p->nUsed<p->nAlloc );
 }
 
 /*

manifest

@@ -1,5 +1,5 @@
-C Do\snot\sallow\srowid\sin\sa\sUNIQUE\sor\sPRIMARY\sKEY\sconstraint.\s\s(This\srestores\sthe\nsame\sbehavior\sexhibited\sby\sall\sprior\sreleases.)
-D 2015-09-19T03:07:30.685
+C Fix\san\soff-by-one\serror\s(really\soff-by-2\sin\sthis\scase)\sin\sthe\sbuffer\nresize\slogic\sof\sjson1.
+D 2015-09-19T11:57:26.958
 F Makefile.arm-wince-mingw32ce-gcc d6df77f1f48d690bd73162294bbba7f59507c72f
 F Makefile.in f85066ce844a28b671aaeeff320921cd0ce36239
 F Makefile.linux-gcc 91d710bdc4998cb015f39edf3cb314ec4f4d7e23
@@ -195,7 +195,7 @@ F ext/misc/eval.c f971962e92ebb8b0a4e6b62949463ee454d88fa2
 F ext/misc/fileio.c d4171c815d6543a9edef8308aab2951413cd8d0f
 F ext/misc/fuzzer.c 4c84635c71c26cfa7c2e5848cf49fe2d2cfcd767
 F ext/misc/ieee754.c b0362167289170627659e84173f5d2e8fee8566e
-F ext/misc/json1.c 4b1048a7f4f2989d27c451cef80e06d77d69921e
+F ext/misc/json1.c d96049b4147eb55755593bf806e27d5966b9d244
 F ext/misc/nextchar.c 35c8b8baacb96d92abbb34a83a997b797075b342
 F ext/misc/percentile.c bcbee3c061b884eccb80e21651daaae8e1e43c63
 F ext/misc/regexp.c af92cdaa5058fcec1451e49becc7ba44dba023dc
@@ -816,7 +816,7 @@ F test/jrnlmode.test 7864d59cf7f6e552b9b99ba0f38acd167edc10fa
 F test/jrnlmode2.test 81610545a4e6ed239ea8fa661891893385e23a1d
 F test/jrnlmode3.test 556b447a05be0e0963f4311e95ab1632b11c9eaa
 F test/json101.test e20d2421c531db32fad59c5e06e80af0b1b002c8
-F test/json102.test b6282433ac49c57ab00ed55e8b9fd5317e699b3d
+F test/json102.test 796b1c59894c6e0f38fc1a3acb0e690573b952a3
 F test/keyword1.test 37ef6bba5d2ed5b07ecdd6810571de2956599dff
 F test/lastinsert.test 42e948fd6442f07d60acbd15d33fb86473e0ef63
 F test/laststmtchanges.test ae613f53819206b3222771828d024154d51db200
@@ -1387,7 +1387,7 @@ F tool/vdbe_profile.tcl 67746953071a9f8f2f668b73fe899074e2c6d8c1
 F tool/warnings-clang.sh f6aa929dc20ef1f856af04a730772f59283631d4
 F tool/warnings.sh 48bd54594752d5be3337f12c72f28d2080cb630b
 F tool/win/sqlite.vsix deb315d026cc8400325c5863eef847784a219a2f
-P 25f34cb9b576a2d4250a06a7dbf88010b1c11675
-R fd8d20dd4f43b078e61007ad89d6a2fb
+P b1278301e37220a075c1bae88c0fcca2ef7a7d5c
+R f3af9f9f0faeeb27ced4a62df7fbb79b
 U drh
-Z 9e371c3a4b995f769acecd4879783adf
+Z 22c0ef8050295e4df286a766029de3a6

manifest.uuid

@@ -1 +1 @@
-b1278301e37220a075c1bae88c0fcca2ef7a7d5c
+d2a027372a5a6efc0f9b6f605093d865ae1c6788

test/json102.test

@@ -285,4 +285,13 @@ do_execsql_test json102-1132 {
 do_execsql_test json102-1201 { SELECT json_valid(char(32)  || '"xyz"') } 1
 do_execsql_test json102-1202 { SELECT json_valid(char(200) || '"xyz"') } 0
 
+# Off-by-one error in jsonAppendString()
+#
+for {set i 0} {$i<100} {incr i} {
+  set str abcdef[string repeat \" [expr {$i+50}]]uvwxyz
+  do_test json102-[format %d [expr {$i+1300}]] {
+    db eval {SELECT json_extract(json_array($::str),'$[0]')==$::str}
+  } {1}
+}
+
 finish_test