From 6d7fb274abd1f7fdc9de00979217a6933eb76252 Mon Sep 17 00:00:00 2001
From: Kishin Yagami
Date: Thu, 21 Apr 2022 22:20:51 +0900
Subject: [PATCH 1/2] Check the unicode code point range before chr() is called
---
 simplejson/decoder.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/simplejson/decoder.py b/simplejson/decoder.py
index 7f0b0568..1a8f772f 100644
--- a/simplejson/decoder.py
+++ b/simplejson/decoder.py
@@ -109,6 +109,8 @@ def py_scanstring(s, end, encoding=None, strict=True,
 uni = int(esc, 16)
 except ValueError:
 raise JSONDecodeError(msg, s, end - 1)
+ if uni < 0 or uni > _maxunicode:
+ raise JSONDecodeError(msg, s, end - 1)
 end += 5
 # Check for surrogate pair on UCS-4 systems
 # Note that this will join high/low surrogate pairs
From 4eee7207da04f974b3b79caf29cacb6f709ad464 Mon Sep 17 00:00:00 2001
From: Kishin Yagami
Date: Thu, 21 Apr 2022 22:46:26 +0900
Subject: [PATCH 2/2] Add the unit test
---
 simplejson/tests/test_scanstring.py | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/simplejson/tests/test_scanstring.py b/simplejson/tests/test_scanstring.py
index d5de1801..c6c53b81 100644
--- a/simplejson/tests/test_scanstring.py
+++ b/simplejson/tests/test_scanstring.py
@@ -132,6 +132,8 @@ def _test_scanstring(self, scanstring):
 self.assertRaises(ValueError, scanstring, '\\ud834\\x0123"', 0, None, True)
+ self.assertRaises(json.JSONDecodeError, scanstring, "\\u-123", 0, None, True)
+
 def test_issue3623(self):
 self.assertRaises(ValueError, json.decoder.scanstring, "xxx", 1, "xxx")
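Review bot: The range check added after `int(esc, 16)` in `py_scanstring` (simplejson/decoder.py, PATCH 1/2) rejects a leading `-`, but `int()` also accepts a leading `+`, surrounding whitespace and, on Python 3.6+, `_` between digits, so escapes such as `\u+123` or `\u 123` would still decode as if they were valid. Unless something above the hunk already restricts `esc` (the slice and any length check are outside the visible lines), validate the digits before converting, e.g. `if len(esc) != 4 or any(c not in '0123456789abcdefABCDEF' for c in esc): raise JSONDecodeError(msg, s, end - 1)`. That keeps the pure-Python scanner from accepting input that a stricter JSON parser in front of it would reject. The upper bound `uni > _maxunicode` looks unreachable if `esc` is at most four characters, so a short comment marking it as defensive would help the next reader. The test in PATCH 2/2 pins only `"\\u-123"`; adding the `+` and whitespace forms to `_test_scanstring` would cover the remaining cases.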