Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JSON parser panics on certain malformed input #339

Closed
apparentlymart opened this issue Jan 28, 2020 · 2 comments
Closed

JSON parser panics on certain malformed input #339

apparentlymart opened this issue Jan 28, 2020 · 2 comments
Labels
bug syntax/json v2 Relates to the v2 line of releases

Comments

@apparentlymart
Copy link
Contributor

Originally reported over in hashicorp/terraform#23964.

Given the following input, the JSON parser panics:

{
  "http_proxy_url: "http://xxxxxx",
}

Note that the property name string is not closed, and so presumably the parser is still in the string literal parsing state when it reaches the end of the buffer.

The panic stack trace reported in the Terraform issue is:

panic: runtime error: index out of range [69] with length 69

goroutine 1 [running]:
github.com/hashicorp/hcl/v2/json.(*peeker).Read(...)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/peeker.go:20
github.com/hashicorp/hcl/v2/json.parseObject.func1(0x0, 0xc000232468, 0x1, 0x266, 0x7ffeefbff7da, 0x1a, 0x12, 0x1a, 0x468, 0x12, ...)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/parser.go:127 +0xd8
github.com/hashicorp/hcl/v2/json.parseObject(0xc0005351e8, 0xc000207b60, 0x7ffeefbff7da, 0x1a, 0x12, 0x3)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/parser.go:157 +0x16d9
github.com/hashicorp/hcl/v2/json.parseValue(0xc0005351e8, 0x67, 0x267, 0x7ffeefbff7da, 0x1a, 0x12)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/parser.go:45 +0x708
github.com/hashicorp/hcl/v2/json.parseFileContent(0xc000232000, 0x4ce, 0x6ce, 0x7ffeefbff7da, 0x1a, 0x0, 0xc000535400, 0x203000, 0xc000535398, 0x10d4636)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/parser.go:21 +0x133
github.com/hashicorp/hcl/v2/json.Parse(0xc000232000, 0x4ce, 0x6ce, 0x7ffeefbff7da, 0x1a, 0x0, 0x0, 0xc0004ec9b2, 0x9)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/hashicorp/hcl/[email protected]/json/public.go:21 +0x77
github.com/hashicorp/terraform/command.(*Meta).addVarsFromFile(0xc0000f0700, 0x7ffeefbff7da, 0x1a, 0x4e, 0xc00026b770, 0x0, 0x0, 0x0)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/command/meta_vars.go:158 +0x59c
github.com/hashicorp/terraform/command.(*Meta).collectVariableValues(0xc0000f0700, 0xc0000aa730, 0x0, 0x0, 0xc000229930)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/command/meta_vars.go:112 +0x3a9
github.com/hashicorp/terraform/command.(*ApplyCommand).Run(0xc0000f0700, 0xc00003a090, 0x5, 0x5, 0xc00006e000)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/command/apply.go:195 +0xd23
github.com/mitchellh/cli.(*CLI).Run(0xc0000ce640, 0xc0000ce640, 0xc000535cc0, 0x1)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/pkg/mod/github.com/mitchellh/[email protected]/cli.go:255 +0x1da
main.wrappedMain(0x0)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/main.go:238 +0xc44
main.realMain(0x0)
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/main.go:102 +0xb4
main.main()
        /private/tmp/terraform-20191211-59618-1xdshdv/terraform-0.12.18/src/github.com/hashicorp/terraform/main.go:38 +0x3a

In the situation where this was reported, Terraform was parsing a .tfvars.json file.
@apparentlymart apparentlymart added bug v2 Relates to the v2 line of releases syntax/json labels Jan 28, 2020
@apparentlymart apparentlymart mentioned this issue Jan 28, 2020
Closed
alisdair added a commit that referenced this issue Mar 25, 2020
@alisdair
json: Fix panic when parsing malformed JSON
b265bbd 
When scanning JSON, upon encountering an invalid token, we immediately
return. Previously this return happened without inserting an EOF token.
Since other functions assume that a token sequence always ends in EOF,
this could cause a panic.

This commit adds a synthetic EOF token after the invalid token before
returning. While this does not match the real end-of-file of the source
JSON, it is marking the end of the scanned bytes, so it seems reasonable.

Fixes #339
@alisdair alisdair mentioned this issue Mar 25, 2020
Merged
@alisdair
Copy link
Contributor

Will be fixed in the upcoming 2.4.0 release.

@skx
Copy link

skx commented Nov 15, 2021

This issue can be closed, as it was closed in the linked commit and has been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug syntax/json v2 Relates to the v2 line of releases
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@apparentlymart @alisdair @skx