Invalid arguments passed to EachKey can cause a panic

Question

Invalid arguments passed to EachKey can cause a panic

floren opened this issue 5 years ago · 0 comments

The following test will cause a panic:

func TestJsonLibrary(t *testing.T) {
		cb := func(idx int, val []byte, vt jsonparser.ValueType, err error) {
		}
		badval = []byte(`{"foo": [{"bar": "baz"}]}`)
		jsonparser.EachKey(badval, cb, []string{"foo", "["})
}

--- FAIL: TestJsonLibrary (0.00s)
panic: runtime error: slice bounds out of range [1:0] [recovered]
	panic: runtime error: slice bounds out of range [1:0]

goroutine 20 [running]:
testing.tRunner.func1(0xc000118200)
	/usr/local/go/src/testing/testing.go:874 +0x3a3
panic(0x768280, 0xc0000fa140)
	/usr/local/go/src/runtime/panic.go:679 +0x1b2
github.com/buger/jsonparser.EachKey(0xc0000fa120, 0x19, 0x19, 0x7adf40, 0xc00004cf48, 0x1, 0x1, 0x0)
	/home/john/go/pkg/mod/github.com/buger/jsonparser@v0.0.0-20191004114745-ee4c978eae7e/parser.go:492 +0x10af

I acknowledge that it is bad code, but I managed to trigger it via careless parsing on my end