search

zserge / jsmn

Jsmn is a world fastest JSON parser/tokenizer. This is the official repo replacing the old one at Bitbucket
MIT License
3.72k stars 783 forks source link

No parameter validation in any functions #90

Closed IAXES closed 8 years ago

IAXES commented 8 years ago

If the client application doesn't properly initialize the context variable (ie: jsmn_parser p), the various API functions will potentially issue indirection operations on invalid/NULL pointers. I think this code would benefit from additional sanity checks at the beginning of each function, and changing the API a little bit (ie: no void functions, everything has a return code).

Do you have any concerns with this? If it sounds reasonable, I can put the changes in place easily enough, and have a pull request available fairly soon.

pt300 commented 8 years ago

What I have to say about it:

  1. I don't see the point in checking jsmn_parser for null since it's just 3 ints which is normally going to be allocated on stack.
  2. Check if tokens == NULL is already in code.
  3. If jsmn_parser would be passed uninitialized nothing bad would happen anyway since jsmn_parse() would die in beginning of for loop if pos > len OR after calling jsmn_alloc_token() if toknext > num_tokens.
  4. jsmn_parse() already has return codes and jsmn_init() has literally nothing to return. Rest are static functions.
IAXES commented 8 years ago

Sounds fair enough. Closing.