Runtime checks for nan and inf values?
#12
Comments
liautaud
changed the title
nan and inf floating-point values?nan and inf values?
|
There are quite a few other things, that your fuzzer missed like trying to encode invalid UTF-8. Yes the encoder does not check these things for performance reasons and expects these checks to be performed by the client. See the details of the contract here. |
|
@dbuenzli Alright, thanks! (The fuzzer did find bugs with invalid UTF-8, which we prevented by adding checks in the client, so we'll just do it for floats too then.) |
|
FWIW this makes 'jsonm' produce non-standard JSON output that cannot be parsed by regular JSON clients. Yojson does produce valid output on NaN (although it is still up to the client to know how to interpret it, but it can be done at the application layer without having to patch the JSON parser grammar). However AFAICT Yojson doesn't validate that its input is UTF-8, so I would still prefer to use 'jsonm' due to its better input validation. Due to 'jsonm' producing invalid JSON on output we had to switch our code to use yojson though (which AFAICT always produces valid JSON on output), it doesn't make sense to use 2 JSON libraries in the same application. |
|
While fuzzing the JSON encoder of Irmin, which uses
jsonmas a backend, I came across some counterintuitive bugs while trying to encode non-standard floating-points values.Although the documentation specifies that "Float lexemes must not be, Pervasives.nan, Pervasives.infinity or Pervasives.neg_infinity", there are no runtime errors when trying to encode such values. Instead, the encoder will comply and encode them using
%.16g, which could generate the invalid tokensnan,infor-inf, and the crash will only happen on decoding.Is this absence of runtime checks motivated by performance? Otherwise, would it be possible to add checks to
w_valueto prevent such tokens from being produced in the first place?The text was updated successfully, but these errors were encountered: