In some cases JsonStreamReader::next_name() returns values which don't match the actual name in the JSON data, or the method panics because UTF-8 to string conversion failed.
If name_bytes are backed by the buf of the reader, but after_name() has to refill the buffer to skip past the :, it overwrites the content of buf and therefore affects the value returned as name.
This leads to incorrect results or panics in case name_bytes now points to a section of incomplete UTF-8 data.
Struson version
0.2.0
Description
In some cases
JsonStreamReader::next_name()
returns values which don't match the actual name in the JSON data, or the method panics because UTF-8 to string conversion failed.The underlying issue seems to be here: https://github.com/Marcono1234/struson/blob/a05bee47eeedca102699d15decfc2b42577587b4/src/reader.rs#L3522-L3523
If
name_bytes
are backed by thebuf
of the reader, butafter_name()
has to refill the buffer to skip past the:
, it overwrites the content ofbuf
and therefore affects the value returned as name. This leads to incorrect results or panics in casename_bytes
now points to a section of incomplete UTF-8 data.