mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-12-07 21:59:54 +00:00
AK: Disallow construction of JsonParser
JsonParser has a footgun where it does not retain ownership of the
string to be parsed. For example, the following results in UAF:
JsonParser parser(something_returning_a_string());
parser.parse();
Let's avoid this altogether by only allowing use of JsonParser with
a static, safe method.
parent
64aaf73775
commit
086a921213
Notes:
github-actions[bot]
2025-03-20 09:51:24 +00:00
Author: https://github.com/trflynn89
Commit: 086a921213
Pull-request: https://github.com/LadybirdBrowser/ladybird/pull/4008
Reviewed-by: https://github.com/gmta ✅
4 changed files with 13 additions and 7 deletions
|
|
@ -13,14 +13,15 @@ namespace AK {
|
|||
|
||||
class JsonParser : private GenericLexer {
|
||||
public:
|
||||
static ErrorOr<JsonValue> parse(StringView);
|
||||
|
||||
private:
|
||||
explicit JsonParser(StringView input)
|
||||
: GenericLexer(input)
|
||||
{
|
||||
}
|
||||
|
||||
ErrorOr<JsonValue> parse();
|
||||
|
||||
private:
|
||||
ErrorOr<JsonValue> parse_json();
|
||||
ErrorOr<JsonValue> parse_helper();
|
||||
|
||||
ErrorOr<ByteString> consume_and_unescape_string();
|
||||
|
|
|
|||
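Review bot: The reason the constructor is now private is recorded only in the commit message, so nothing in the class declaration tells a later contributor why `explicit JsonParser(StringView input)` must not be made public again. A short comment above the static `parse(StringView)` would keep that visible, for example `// Sole entry point: the parser keeps a non-owning StringView, so an instance must never outlive the input.` The rendered page does not mark which lines are added or removed, so this assumes the declarations are as shown; if both `private:` labels survive on the new side, the second one is redundant. The class body continues past the end of this hunk.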