diff options
| author | Nice Zombies <nineteendo19d0@gmail.com> | 2024-10-18 12:29:47 (GMT) |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-18 12:29:47 (GMT) |
| commit | df751363e386d1f77c5ba9515a5539902457d386 (patch) | |
| tree | c2e52eb71b251d96a0f741de46351952e785d7fe /Lib/json | |
| parent | d358425e6968858e52908794d15f37e62abc74ec (diff) | |
| download | cpython-df751363e386d1f77c5ba9515a5539902457d386.zip cpython-df751363e386d1f77c5ba9515a5539902457d386.tar.gz cpython-df751363e386d1f77c5ba9515a5539902457d386.tar.bz2 | |
gh-125660: Reject invalid unicode escapes for Python implementation of JSON decoder (GH-125683)
Diffstat (limited to 'Lib/json')
| -rw-r--r-- | Lib/json/decoder.py | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/Lib/json/decoder.py b/Lib/json/decoder.py index d69a45d..ff4bfcd 100644 --- a/Lib/json/decoder.py +++ b/Lib/json/decoder.py @@ -50,17 +50,18 @@ _CONSTANTS = { } +HEXDIGITS = re.compile(r'[0-9A-Fa-f]{4}', FLAGS) STRINGCHUNK = re.compile(r'(.*?)(["\\\x00-\x1f])', FLAGS) BACKSLASH = { '"': '"', '\\': '\\', '/': '/', 'b': '\b', 'f': '\f', 'n': '\n', 'r': '\r', 't': '\t', } -def _decode_uXXXX(s, pos): - esc = s[pos + 1:pos + 5] - if len(esc) == 4 and esc[1] not in 'xX': +def _decode_uXXXX(s, pos, _m=HEXDIGITS.match): + esc = _m(s, pos + 1) + if esc is not None: try: - return int(esc, 16) + return int(esc.group(), 16) except ValueError: pass msg = "Invalid \\uXXXX escape" |