encoding/json: validate strings when decoding into Number

Unmarshaling a string into a json.Number should first check that the string is a valid Number.
If not, we should fail without decoding it.

Fixes #14702

Change-Id: I286178e93df74ad63c0a852c3f3489577072cf47
GitHub-Last-Rev: fe69bb68eed06d056639f440d2daf4bb7c99013b
GitHub-Pull-Request: golang/go#34272
Reviewed-on: https://go-review.googlesource.com/c/go/+/195045
Reviewed-by: Daniel Martí <mvdan@mvdan.cc>
Run-TryBot: Daniel Martí <mvdan@mvdan.cc>
TryBot-Result: Gobot Gobot <gobot@golang.org>

diff --git a/src/encoding/json/decode.go b/src/encoding/json/decode.go
index 360fc69d040ecda3f8f719df405fb8ca93ce6b7d..407fbcedbe9855fd2fcae5a5d49eb437b7e17130 100644 (file)
--- a/src/encoding/json/decode.go
+++ b/src/encoding/json/decode.go
@@ -949,6 +949,9 @@ func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool
                        }
                        v.SetBytes(b[:n])
                case reflect.String:
+                       if v.Type() == numberType && !isValidNumber(string(s)) {
+                               return fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)
+                       }
                        v.SetString(string(s))
                case reflect.Interface:
                        if v.NumMethod() == 0 {

diff --git a/src/encoding/json/decode_test.go b/src/encoding/json/decode_test.go
index 489f8674d036e9c14444d609913fc766027ca938..4cbd2172d060446328b4d237af8f24c6012814ec 100644 (file)
--- a/src/encoding/json/decode_test.go
+++ b/src/encoding/json/decode_test.go
@@ -949,6 +949,37 @@ var unmarshalTests = []unmarshalTest{
                        Offset: 29,
                },
        },
+       // #14702
+       {
+               in:  `invalid`,
+               ptr: new(Number),
+               err: &SyntaxError{
+                       msg:    "invalid character 'i' looking for beginning of value",
+                       Offset: 1,
+               },
+       },
+       {
+               in:  `"invalid"`,
+               ptr: new(Number),
+               err: fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", `"invalid"`),
+       },
+       {
+               in:  `{"A":"invalid"}`,
+               ptr: new(struct{ A Number }),
+               err: fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", `"invalid"`),
+       },
+       {
+               in: `{"A":"invalid"}`,
+               ptr: new(struct {
+                       A Number `json:",string"`
+               }),
+               err: fmt.Errorf("json: invalid use of ,string struct tag, trying to unmarshal %q into json.Number", `invalid`),
+       },
+       {
+               in:  `{"A":"invalid"}`,
+               ptr: new(map[string]Number),
+               err: fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", `"invalid"`),
+       },
 }
 
 func TestMarshal(t *testing.T) {