From e12e24ded81798d8580fbf527c6adcb3b7be3f7c Mon Sep 17 00:00:00 2001
From: drh <drh@noemail.net>
Date: Mon, 10 Apr 2017 12:25:05 +0000
Subject: [PATCH] Change the JSON extension so that it disallows control
 characters inside of strings.  Fix for ticket
 [6c9b5514077fed34551f98e64c09a10dc2fc8e16].

FossilOrigin-Name: 475d8f82ec61a4ff3e6a7650731230ccecb6cc580d1397d189d0ba479d9bad4d
---
 ext/misc/json1.c  |  2 +-
 manifest          | 14 +++++++-------
 manifest.uuid     |  2 +-
 test/json102.test | 11 +++++++++++
 4 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/ext/misc/json1.c b/ext/misc/json1.c
index b12964ba4d..0d1b9a4642 100644
--- a/ext/misc/json1.c
+++ b/ext/misc/json1.c
@@ -785,7 +785,7 @@ static int jsonParseValue(JsonParse *pParse, u32 i){
     j = i+1;
     for(;;){
       c = z[j];
-      if( c==0 ) return -1;
+      if( c<=0x1f ) return -1;  /* Control characters not allowed in strings */
       if( c=='\\' ){
         c = z[++j];
         if( c=='"' || c=='\\' || c=='/' || c=='b' || c=='f'
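Review bot: The new guard `c<=0x1f` on the added line is a signed comparison if `c` is a plain `char`; its declaration is outside this hunk, so that needs confirming. Where `char` is signed, every byte at or above 0x80 of a UTF-8 multibyte sequence compares negative, so the parser would return -1 and reject valid JSON strings that contain non-ASCII text. A sign-independent form such as `if( (c & ~0x1f)==0 ) return -1;` (or a comparison on `(unsigned char)c`) still rejects NUL and the other control characters without that side effect. The body of jsonParseValue starts and ends outside the hunk.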
diff --git a/manifest b/manifest
index e5b43e782e..8aad80974e 100644
--- a/manifest
+++ b/manifest
@@ -1,5 +1,5 @@
-C Do\snot\sexpose\sthe\sname\sof\sthe\sinternal\sMem\sobject\sin\sthe\spublic\sinterface\ndefined\sby\ssqlite3.h.
-D 2017-04-09T19:23:55.530
+C Change\sthe\sJSON\sextension\sso\sthat\sit\sdisallows\scontrol\scharacters\sinside\sof\nstrings.\s\sFix\sfor\sticket\s[6c9b5514077fed34551f98e64c09a10dc2fc8e16].
+D 2017-04-10T12:25:05.724
 F Makefile.in 1cc758ce3374a32425e4d130c2fe7b026b20de5b8843243de75f087c0a2661fb
 F Makefile.linux-gcc 7bc79876b875010e8c8f9502eb935ca92aa3c434
 F Makefile.msc a4c0613a18663bda56d8cf76079ab6590a7c3602e54befb4bbdef76bcaa38b6a
@@ -218,7 +218,7 @@ F ext/misc/eval.c f971962e92ebb8b0a4e6b62949463ee454d88fa2
 F ext/misc/fileio.c d4171c815d6543a9edef8308aab2951413cd8d0f
 F ext/misc/fuzzer.c 7c64b8197bb77b7d64eff7cac7848870235d4c25
 F ext/misc/ieee754.c f190d0cc5182529acb15babd177781be1ac1718c
-F ext/misc/json1.c 312b4ddf4c7399dcbd2189f492e8ca92a872c2df7347473bfb38854f9d60c06a
+F ext/misc/json1.c 70d49f69ce61e54a83a29e425e704ca3e7e42e6bd9a7cf3c112d0ad995f6560b
 F ext/misc/memvfs.c e5225bc22e79dde6b28380f3a068ddf600683a33
 F ext/misc/nextchar.c 35c8b8baacb96d92abbb34a83a997b797075b342
 F ext/misc/percentile.c 92699c8cd7d517ff610e6037e56506f8904dae2e
@@ -911,7 +911,7 @@ F test/jrnlmode.test 7864d59cf7f6e552b9b99ba0f38acd167edc10fa
 F test/jrnlmode2.test 81610545a4e6ed239ea8fa661891893385e23a1d
 F test/jrnlmode3.test 556b447a05be0e0963f4311e95ab1632b11c9eaa
 F test/json101.test c0897616f32d95431f37fd291cb78742181980ac
-F test/json102.test de1728e8ffde4a57cbc77b6815a60ccb82a6c759967be44e71952757e7d7947b
+F test/json102.test 0eacdde66991e9afd3f2a010fa97e9843de55b84297982875a017c3dc8aaec7e
 F test/json103.test c5f6b85e69de05f6b3195f9f9d5ce9cd179099a0
 F test/json104.test 877d5845f6303899b7889ea5dd1bea99076e3100574d5c536082245c5805dcaa
 F test/keyword1.test 37ef6bba5d2ed5b07ecdd6810571de2956599dff
@@ -1570,7 +1570,7 @@ F vsixtest/vsixtest.tcl 6a9a6ab600c25a91a7acc6293828957a386a8a93
 F vsixtest/vsixtest.vcxproj.data 2ed517e100c66dc455b492e1a33350c1b20fbcdc
 F vsixtest/vsixtest.vcxproj.filters 37e51ffedcdb064aad6ff33b6148725226cd608e
 F vsixtest/vsixtest_TemporaryKey.pfx e5b1b036facdb453873e7084e1cae9102ccc67a0
-P 204e72f0080e8f08f99978870bd3cb9d59b068ecffee82192d707c650548b43b
-R 4aadeea99512ebde70036e66f3a8d746
+P 19dd753f9e50fee247b1ab141669817c7e88bc3f6d6065dba6c731db9f7a2409
+R 4d25d4996adadb5793b8d9872a867cae
 U drh
-Z d0890c6128b3b61f6503cc6c672cce64
+Z 90838f4be97951a4a7983906c4e90eed
diff --git a/manifest.uuid b/manifest.uuid
index a6f6c0a5e4..d2945c983f 100644
--- a/manifest.uuid
+++ b/manifest.uuid
@@ -1 +1 @@
-19dd753f9e50fee247b1ab141669817c7e88bc3f6d6065dba6c731db9f7a2409
\ No newline at end of file
+475d8f82ec61a4ff3e6a7650731230ccecb6cc580d1397d189d0ba479d9bad4d
\ No newline at end of file
diff --git a/test/json102.test b/test/json102.test
index d1f2a4d36d..5c7866391f 100644
--- a/test/json102.test
+++ b/test/json102.test
@@ -319,4 +319,15 @@ do_execsql_test json102-1410 { SELECT json_valid('{"x":-01.5}') } 0
 do_execsql_test json102-1411 { SELECT json_valid('{"x":00}') } 0
 do_execsql_test json102-1412 { SELECT json_valid('{"x":-00}') } 0
 
+#------------------------------------------------------------------------
+# 2017-04-10 ticket 6c9b5514077fed34551f98e64c09a10dc2fc8e16
+# JSON extension accepts strings containing control characters.
+#
+# The JSON spec requires that all control characters be escaped.
+#
+do_execsql_test json102-1500 {
+  WITH RECURSIVE c(x) AS (VALUES(1) UNION ALL SELECT x+1 FROM c WHERE x<0x20)
+  SELECT x FROM c WHERE json_valid(printf('{"a":"x%sz"}', char(x))) ORDER BY x;
+} {32}
+
 finish_test
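Review bot: json102-1500 only walks code points 1 through 0x20, so nothing checks that strings with bytes above 0x7f are still accepted after the parser change. The result of the new comparison in json1.c may depend on whether `char` is signed, and a companion case would catch a regression there. One possibility is `do_execsql_test json102-1501 { SELECT json_valid(printf('{"a":"x%sz"}', char(0xe9))) } 1`, where the test name is only a suggestion. A case asserting that 0x7f stays valid would also document that only U+0000 through U+001F need escaping.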