From 9be589598595963f94ba264d7b416d0533421106 Mon Sep 17 00:00:00 2001
From: Jordan Bayles
Date: Sat, 30 May 2020 20:20:20 -0700
Subject: [PATCH] Issue 1182: Fix fuzzing bug (#1183)

This patch fixes a fuzzing bug by resolving a bad fallthrough in the setComment logic. The result is that we get a proper error instead of an assert, making the library friendlier to use and less likely to cause issue for consumers.

See related Chromium project bug: https://bugs.chromium.org/p/chromium/issues/detail?id=989851

Issue: 1182
---
 src/lib_json/json_reader.cpp | 7 +++++--
 test/data/fail_invalid_quote.json | 1 +
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 test/data/fail_invalid_quote.json

diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 23cbe60..19922a8 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -1175,8 +1175,11 @@ bool OurReader::readToken(Token& token) {
 if (features_.allowSingleQuotes_) {
 token.type_ = tokenString;
 ok = readStringSingleQuote();
- break;
- } // else fall through
+ } else {
+ // If we don't allow single quotes, this is a failure case.
+ ok = false;
+ }
+ break;
 case '/':
 token.type_ = tokenComment;
 ok = readComment();
diff --git a/test/data/fail_invalid_quote.json b/test/data/fail_invalid_quote.json
new file mode 100644
index 0000000..dae27f5
--- /dev/null
+++ b/test/data/fail_invalid_quote.json
@@ -0,0 +1 @@
+{'//this is bad JSON.'}
\ No newline at end of file
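Review bot: The new `else` branch in the `'\''` case sets `ok = false` but leaves `token.type_` untouched, so whether the caller sees an error token depends on the tail of readToken (outside this hunk) mapping `!ok` to an error type; if that mapping exists, a comment in the branch, `// type_ is set to tokenError below when ok is false`, makes the dependence explicit, otherwise `token.type_ = tokenError;` belongs next to `ok = false;`. The old fallthrough let a disallowed single quote start the comment scanner, which is the path the fuzzer hit; the new `break` closes that, and the behaviour now matches the comment-only intent of the previous `// else fall through` that never had an `else`. The enclosing switch and the end of OurReader::readToken lie outside the hunk. The added fixture test/data/fail_invalid_quote.json exercises only the default configuration; a companion case with allowSingleQuotes enabled would confirm the same input is handled by readStringSingleQuote rather than reaching the `'/'` case.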