implode: Better invalid input validation and handling

wader · wader · commit b214e2b9a3d8 · 2023-07-24T14:29:30.000+02:00
Error on non-number and nan codepoint, would asserd before Replace negative codepoint and surrogate range with unicode replacement character, would assert before Fixes #1160
diff --git a/src/builtin.c b/src/builtin.c
@@ -1201,9 +1201,20 @@ static jv f_string_indexes(jq_state *jq, jv a, jv b) {
 }
 
 static jv f_string_implode(jq_state *jq, jv a) {
+  int i;
+  int len;
   if (jv_get_kind(a) != JV_KIND_ARRAY) {
     return ret_error(a, jv_string("implode input must be an array"));
   }
+  len = jv_array_length(jv_copy(a));
+  for (i = 0; i < len; i++) {
+    jv n = jv_array_get(jv_copy(a), i);
+    if (jv_get_kind(n) != JV_KIND_NUMBER || jvp_number_is_nan(n)) {
+      jv_free(a);
+      return type_error(n, "codepoint must be a number");
+    }
+  }
+
   return jv_string_implode(a);
 }
 
diff --git a/src/jv.c b/src/jv.c
@@ -1362,7 +1362,8 @@ jv jv_string_implode(jv j) {
     assert(JVP_HAS_KIND(n, JV_KIND_NUMBER));
     int nv = jv_number_value(n);
     jv_free(n);
-    if (nv > 0x10FFFF)
+    // outside codepoint range or in utf16 surrogate pair range
+    if (nv < 0 || nv > 0x10FFFF || (nv >= 0xD800 && nv <= 0xDFFF))
       nv = 0xFFFD; // U+FFFD REPLACEMENT CHARACTER
     s = jv_string_append_codepoint(s, nv);
   }
diff --git a/src/jv.h b/src/jv.h
@@ -63,6 +63,7 @@ jv jv_number(double);
 jv jv_number_with_literal(const char*);
 double jv_number_value(jv);
 int jv_is_integer(jv);
+int jvp_number_is_nan(jv);
 
 int jv_number_has_literal(jv n);
 const char* jv_number_get_literal(jv);
diff --git a/src/jv_type_private.h b/src/jv_type_private.h
@@ -2,6 +2,5 @@
 #define JV_TYPE_PRIVATE
 
 int jvp_number_cmp(jv, jv);
-int jvp_number_is_nan(jv);
 
 #endif //JV_TYPE_PRIVATE
diff --git a/tests/jq.test b/tests/jq.test
@@ -1897,3 +1897,14 @@ any(keys[]|tostring?;true)
 {"a":"1","b":"2","c":"3"}
 true
 
+
+# explode/implode
+# test replacement character (65533) for outside codepoint range and 0xd800 (55296) - 0xdfff (57343) utf16 surrogate pair range
+# 1.1 and 1.9 to test round down of non-ints
+implode|explode
+[-1,0,1,2,3,1114111,1114112,55295,55296,57343,57344,1.1,1.9]
+[65533,0,1,2,3,1114111,65533,55295,65533,65533,57344,1,1]
+
+map(try implode catch .)
+[123,["a"],[nan]]
+["implode input must be an array","string (\"a\") codepoint must be a number","number (null) codepoint must be a number"]

Original file line number	Diff line number	Diff line change
`@@ -1201,9 +1201,20 @@ static jv f_string_indexes(jq_state *jq, jv a, jv b) {`
`1201`	`1201`	`}`
`1202`	`1202`
`1203`	`1203`	`static jv f_string_implode(jq_state *jq, jv a) {`
	`1204`	`+ int i;`
	`1205`	`+ int len;`
`1204`	`1206`	`if (jv_get_kind(a) != JV_KIND_ARRAY) {`
`1205`	`1207`	`return ret_error(a, jv_string("implode input must be an array"));`
`1206`	`1208`	`}`
	`1209`	`+ len = jv_array_length(jv_copy(a));`
	`1210`	`+ for (i = 0; i < len; i++) {`
	`1211`	`+ jv n = jv_array_get(jv_copy(a), i);`
	`1212`	`+ if (jv_get_kind(n) != JV_KIND_NUMBER \|\| jvp_number_is_nan(n)) {`
	`1213`	`+ jv_free(a);`
	`1214`	`+ return type_error(n, "codepoint must be a number");`
	`1215`	`+ }`
	`1216`	`+ }`
	`1217`	`+`
`1207`	`1218`	`return jv_string_implode(a);`
`1208`	`1219`	`}`
`1209`	`1220`