Merge pull request #298 from ks888/fix-value-error

Check the unicode code point range before unichr() is called
simplejson · Apr 21, 2022 · d8cee7b · d8cee7b
2 parents 02221b1 + 4eee720
commit d8cee7b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/simplejson/decoder.py b/simplejson/decoder.py
@@ -109,6 +109,8 @@ def py_scanstring(s, end, encoding=None, strict=True,
                 uni = int(esc, 16)
             except ValueError:
                 raise JSONDecodeError(msg, s, end - 1)
+            if uni < 0 or uni > _maxunicode:
+                raise JSONDecodeError(msg, s, end - 1)
             end += 5
             # Check for surrogate pair on UCS-4 systems
             # Note that this will join high/low surrogate pairs

diff --git a/simplejson/tests/test_scanstring.py b/simplejson/tests/test_scanstring.py
@@ -132,6 +132,8 @@ def _test_scanstring(self, scanstring):
             self.assertRaises(ValueError,
                               scanstring, '\\ud834\\x0123"', 0, None, True)
 
+        self.assertRaises(json.JSONDecodeError, scanstring, "\\u-123", 0, None, True)
+
     def test_issue3623(self):
         self.assertRaises(ValueError, json.decoder.scanstring, "xxx", 1,
                           "xxx")