lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <YWBDo5Ciq1hOIxLq@krava>
Date:   Fri, 8 Oct 2021 15:12:03 +0200
From:   Jiri Olsa <jolsa@...hat.com>
To:     James Clark <james.clark@....com>
Cc:     acme@...nel.org, john.garry@...wei.com, ak@...ux.intel.com,
        linux-perf-users@...r.kernel.org, Nick.Forrington@....com,
        Andrew.Kilroy@....com, Will Deacon <will@...nel.org>,
        Mathieu Poirier <mathieu.poirier@...aro.org>,
        Leo Yan <leo.yan@...aro.org>,
        Mark Rutland <mark.rutland@....com>,
        Alexander Shishkin <alexander.shishkin@...ux.intel.com>,
        Namhyung Kim <namhyung@...nel.org>,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH 2/3] perf tools: Make the JSON parser more conformant
 when in strict mode

On Fri, Oct 08, 2021 at 11:08:25AM +0100, James Clark wrote:
> 
> 
> On 07/10/2021 18:52, Jiri Olsa wrote:
> > On Thu, Oct 07, 2021 at 12:05:41PM +0100, James Clark wrote:
> >> Return an error when a trailing comma is found or a new item is
> >> encountered before a comma or an opening brace. This ensures that the
> >> perf json files conform more closely to the spec at https://www.json.org
> >>
> >> Signed-off-by: James Clark <james.clark@....com>
> >> ---
> >>  tools/perf/pmu-events/jsmn.c | 42 ++++++++++++++++++++++++++++++++++--
> >>  1 file changed, 40 insertions(+), 2 deletions(-)
> >>
> >> diff --git a/tools/perf/pmu-events/jsmn.c b/tools/perf/pmu-events/jsmn.c
> >> index 11d1fa18bfa5..8124d2d3ff0c 100644
> >> --- a/tools/perf/pmu-events/jsmn.c
> >> +++ b/tools/perf/pmu-events/jsmn.c
> >> @@ -176,6 +176,14 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  	jsmnerr_t r;
> >>  	int i;
> >>  	jsmntok_t *token;
> >> +#ifdef JSMN_STRICT
> > 
> > I might have missed some discussion on this, but do we need the
> > JSMN_STRICT define, if you enable it in the next patch?
> > why can't we be more strict by default.. do you plan to disable
> > it in future?
> 
> I didn't plan on disabling it, I was just trying to keep to the existing style of the
> jsmn project.
> 
> I could have added the trailing comma detection by default and not inside any
> #ifdef JSMN_STRICT blocks, but I would like to enable JSMN_STRICT anyway, because it
> enables some additional built in checking that was already there. So I thought it
> made sense to put my new strict stuff inside the existing strict option.
> 
> One option would be to remove all (including the existing) #ifdef JSMN_STRICT blocks
> and have everything strict by default. But it would be a further deviation from jsmn.

ok, I think it makes sense to have JSMN_STRICT then..
thanks for explanation

Acked-by: Jiri Olsa <jolsa@...hat.com>

jirka

> 
> Thanks
> James
> 
> > 
> > thanks,
> > jirka
> > 
> >> +	/*
> >> +	 * Keeps track of whether a new object/list/primitive is expected. New items are only
> >> +	 * allowed after an opening brace, comma or colon. A closing brace after a comma is not
> >> +	 * valid JSON.
> >> +	 */
> >> +	int expecting_item = 1;
> >> +#endif
> >>  
> >>  	for (; parser->pos < len; parser->pos++) {
> >>  		char c;
> >> @@ -185,6 +193,10 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  		switch (c) {
> >>  		case '{':
> >>  		case '[':
> >> +#ifdef JSMN_STRICT
> >> +			if (!expecting_item)
> >> +				return JSMN_ERROR_INVAL;
> >> +#endif
> >>  			token = jsmn_alloc_token(parser, tokens, num_tokens);
> >>  			if (token == NULL)
> >>  				return JSMN_ERROR_NOMEM;
> >> @@ -196,6 +208,10 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  			break;
> >>  		case '}':
> >>  		case ']':
> >> +#ifdef JSMN_STRICT
> >> +			if (expecting_item)
> >> +				return JSMN_ERROR_INVAL;
> >> +#endif
> >>  			type = (c == '}' ? JSMN_OBJECT : JSMN_ARRAY);
> >>  			for (i = parser->toknext - 1; i >= 0; i--) {
> >>  				token = &tokens[i];
> >> @@ -219,6 +235,11 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  			}
> >>  			break;
> >>  		case '\"':
> >> +#ifdef JSMN_STRICT
> >> +			if (!expecting_item)
> >> +				return JSMN_ERROR_INVAL;
> >> +			expecting_item = 0;
> >> +#endif
> >>  			r = jsmn_parse_string(parser, js, len, tokens,
> >>  					      num_tokens);
> >>  			if (r < 0)
> >> @@ -229,11 +250,15 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  		case '\t':
> >>  		case '\r':
> >>  		case '\n':
> >> -		case ':':
> >> -		case ',':
> >>  		case ' ':
> >>  			break;
> >>  #ifdef JSMN_STRICT
> >> +		case ':':
> >> +		case ',':
> >> +			if (expecting_item)
> >> +				return JSMN_ERROR_INVAL;
> >> +			expecting_item = 1;
> >> +			break;
> >>  			/*
> >>  			 * In strict mode primitives are:
> >>  			 * numbers and booleans.
> >> @@ -253,6 +278,9 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  		case 'f':
> >>  		case 'n':
> >>  #else
> >> +		case ':':
> >> +		case ',':
> >> +			break;
> >>  			/*
> >>  			 * In non-strict mode every unquoted value
> >>  			 * is a primitive.
> >> @@ -260,6 +288,12 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  			/*FALL THROUGH */
> >>  		default:
> >>  #endif
> >> +
> >> +#ifdef JSMN_STRICT
> >> +			if (!expecting_item)
> >> +				return JSMN_ERROR_INVAL;
> >> +			expecting_item = 0;
> >> +#endif
> >>  			r = jsmn_parse_primitive(parser, js, len, tokens,
> >>  						 num_tokens);
> >>  			if (r < 0)
> >> @@ -282,7 +316,11 @@ jsmnerr_t jsmn_parse(jsmn_parser *parser, const char *js, size_t len,
> >>  			return JSMN_ERROR_PART;
> >>  	}
> >>  
> >> +#ifdef JSMN_STRICT
> >> +	return expecting_item ? JSMN_ERROR_INVAL : JSMN_SUCCESS;
> >> +#else
> >>  	return JSMN_SUCCESS;
> >> +#endif
> >>  }
> >>  
> >>  /*
> >> -- 
> >> 2.28.0
> >>
> > 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ