Fixing inproper escape handling of control characters in json library.

Author: stgates

Release/src/json/json.cpp

@@ -340,8 +340,11 @@ bool web::json::number::is_int64() const
 
 bool web::json::details::_String::has_escape_chars(const _String &str)
 {
-    static const auto escapes = U("\"\\\b\f\r\n\t");
-    return str.m_string.find_first_of(escapes) != utility::string_t::npos;
+    static const std::array<::utility::string_t::value_type, 33> escapes =
+        { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, /* 0x00 - 0x1F */ '\"' };
+
+    // Provide the range otherwise find_first_of will think the first null terminator character is the end.
+    return str.m_string.find_first_of(escapes.data(), 0, escapes.size()) != utility::string_t::npos;
 }
 
 web::json::details::_Object::_Object(const _Object& other) :

Release/src/json/json_serialization.cpp

@@ -74,9 +74,9 @@ void web::json::value::format(std::basic_string<char>& string) const
 template<typename CharType>
 void web::json::details::append_escape_string(std::basic_string<CharType>& str, const std::basic_string<CharType>& escaped)
 {
-    for (auto iter = escaped.begin(); iter != escaped.end(); ++iter)
+    for (const auto &ch : escaped)
     {
-        switch (*iter)
+        switch (ch)
         {
             case '\"':
                 str += '\\';
@@ -107,7 +107,22 @@ void web::json::details::append_escape_string(std::basic_string<CharType>& str,
                 str += 't';
                 break;
             default:
-                str += *iter;
+
+                // If a control character then must unicode escaped.
+                if (ch >= 0 && ch <= 0x1F)
+                {
+                    static const std::array<CharType, 16> intToHex = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', 'A', 'B', 'C', 'D', 'E', 'F' };
+                    str += '\\';
+                    str += 'u';
+                    str += '0';
+                    str += '0';
+                    str += intToHex[(ch & 0xF0) >> 4];
+                    str += intToHex[ch & 0x0F];
+                }
+                else
+                {
+                    str += ch;
+                }
         }
     }
 }

Release/tests/functional/json/parsing_tests.cpp

@@ -22,7 +22,9 @@
 ****/
 
 #include "stdafx.h"
+
 #include <array>
+#include <iomanip>
 
 #if defined(_WIN32) || defined(__APPLE__)
 #include <regex>
@@ -221,6 +223,48 @@ TEST(escaped_unicode_string)
     VERIFY_PARSING_THROW(json::value::parse(U("\"\\u0klB\"")));
 }
 
+TEST(escaping_control_characters)
+{
+    for (int i = 0; i <= 0x1F; ++i)
+    {
+        ::utility::stringstream_t ss;
+        ss << U("\"\\u") << std::uppercase << std::setfill(U('0')) << std::setw(4) << std::hex << i << U("\"");
+        const auto &str = ss.str();
+        auto expectedStr = str;
+        if (i == 0x08)
+        {
+            expectedStr = U("\"\\b\"");
+        }
+        else if (i == 0x09)
+        {
+            expectedStr = U("\"\\t\"");
+        }
+        else if (i == 0x0A)
+        {
+            expectedStr = U("\"\\n\"");
+        }
+        else if (i == 0x0C)
+        {
+            expectedStr = U("\"\\f\"");
+        }
+        else if (i == 0x0D)
+        {
+            expectedStr = U("\"\\r\"");
+        }
+
+        // Try constructing a json string value directly.
+        ::utility::string_t schar;
+        schar.push_back(static_cast<::utility::string_t::value_type>(i));
+        const auto &sv = json::value::string(schar);
+        VERIFY_ARE_EQUAL(expectedStr, sv.serialize());
+
+        // Try parsing a string
+        const auto &v = json::value::parse(str);
+        VERIFY_IS_TRUE(v.is_string());
+        VERIFY_ARE_EQUAL(expectedStr, v.serialize());
+    }
+}
+
 TEST(comments_string)
 {
     // Nothing but a comment