Fix unit tests and skipOneHexEscape logic for overflows.

Author: czjaso

source/core_json.c

@@ -331,17 +331,16 @@ static bool skipOneHexEscape( const char * buf,
     size_t i = 0U, end = 0U;
     uint16_t value = 0U;
 
-    coreJSON_ASSERT( ( buf != NULL ) && ( start != NULL ) && ( max > 0U ) );
-    coreJSON_ASSERT( outValue != NULL );
+    coreJSON_ASSERT( ( buf != NULL ) && ( start != NULL ) && ( max > 0U ) && ( outValue != NULL ) );
 
     i = *start;
 #define HEX_ESCAPE_LENGTH    ( 6U )   /* e.g., \u1234 */
     /* MISRA Ref 14.3.1 [Configuration dependent invariant] */
     /* More details at: https://github.com/FreeRTOS/coreJSON/blob/main/MISRA.md#rule-143 */
     /* coverity[misra_c_2012_rule_14_3_violation] */
-    end = ( i <= ( SIZE_MAX - HEX_ESCAPE_LENGTH ) ) ? ( i + HEX_ESCAPE_LENGTH ) : SIZE_MAX;
+    end = i + HEX_ESCAPE_LENGTH;
 
-    if( ( end < max ) && ( buf[ i ] == '\\' ) && ( buf[ i + 1U ] == 'u' ) )
+    if( ( end > i ) && ( end < max ) && ( buf[ i ] == '\\' ) && ( buf[ i + 1U ] == 'u' ) )
     {
         for( i += 2U; i < end; i++ )
         {

test/unit-test/core_json_utest.c

@@ -103,7 +103,7 @@
     "\"foo\":\"abc\",\"" FIRST_QUERY_KEY "\":" FIRST_QUERY_KEY_ANSWER "}"
 #define JSON_DOC_VARIED_SCALARS_LENGTH                     ( sizeof( JSON_DOC_VARIED_SCALARS ) - 1 )
 
-#define MULTIPLE_VALID_ESCAPES                             "\\\\ \\\" \\/ \\b \\f \\n \\r \\t \\\x12"
+#define MULTIPLE_VALID_ESCAPES                             "\\\\ \\\" \\/ \\b \\f \\n \\r \\t \\u0001"
 #define MULTIPLE_VALID_ESCAPES_LENGTH                      ( sizeof( MULTIPLE_VALID_ESCAPES ) - 1 )
 
 #define JSON_DOC_QUERY_KEY_NOT_FOUND                       "{\"hello\": \"world\"}"
@@ -354,12 +354,6 @@
     "\":{\"" SECOND_QUERY_KEY "\" : \"\\uD83D\\uD83D\"}}"
 #define UNICODE_BOTH_SURROGATES_HIGH_LENGTH                 ( sizeof( UNICODE_BOTH_SURROGATES_HIGH ) - 1 )
 
-/* For security, \u0000 is disallowed. */
-#define UNICODE_ESCAPE_SEQUENCE_ZERO_CP   \
-    "{\"foo\":\"abc\",\"" FIRST_QUERY_KEY \
-    "\":{\"" SECOND_QUERY_KEY "\" : \"\\u0000\"}}"
-#define UNICODE_ESCAPE_SEQUENCE_ZERO_CP_LENGTH    ( sizeof( UNICODE_ESCAPE_SEQUENCE_ZERO_CP ) - 1 )
-
 /* /NUL escape is disallowed. */
 #define NUL_ESCAPE                        \
     "{\"foo\":\"abc\",\"" FIRST_QUERY_KEY \
@@ -580,6 +574,7 @@ void test_JSON_Validate_Legal_Documents( void )
 
     jsonStatus = JSON_Validate( JSON_DOC_MULTIPLE_VALID_ESCAPES,
                                 JSON_DOC_MULTIPLE_VALID_ESCAPES_LENGTH );
+
     TEST_ASSERT_EQUAL( JSONSuccess, jsonStatus );
 
     jsonStatus = JSON_Validate( JSON_DOC_LEGAL_UTF8_BYTE_SEQUENCES,
@@ -802,10 +797,6 @@ void test_JSON_Validate_Illegal_Documents( void )
                                 UNICODE_BOTH_SURROGATES_HIGH_LENGTH );
     TEST_ASSERT_EQUAL( JSONIllegalDocument, jsonStatus );
 
-    jsonStatus = JSON_Validate( UNICODE_ESCAPE_SEQUENCE_ZERO_CP,
-                                UNICODE_ESCAPE_SEQUENCE_ZERO_CP_LENGTH );
-    TEST_ASSERT_EQUAL( JSONIllegalDocument, jsonStatus );
-
     jsonStatus = JSON_Validate( UNICODE_VALID_HIGH_INVALID_LOW_SURROGATE,
                                 UNICODE_VALID_HIGH_INVALID_LOW_SURROGATE_LENGTH );
     TEST_ASSERT_EQUAL( JSONIllegalDocument, jsonStatus );
@@ -1506,14 +1497,6 @@ void test_JSON_Search_Illegal_Documents( void )
                               &outValueLength );
     TEST_ASSERT_EQUAL( JSONNotFound, jsonStatus );
 
-    jsonStatus = JSON_Search( UNICODE_ESCAPE_SEQUENCE_ZERO_CP,
-                              UNICODE_ESCAPE_SEQUENCE_ZERO_CP_LENGTH,
-                              COMPLETE_QUERY_KEY,
-                              COMPLETE_QUERY_KEY_LENGTH,
-                              &outValue,
-                              &outValueLength );
-    TEST_ASSERT_EQUAL( JSONNotFound, jsonStatus );
-
     jsonStatus = JSON_Search( UNICODE_VALID_HIGH_INVALID_LOW_SURROGATE,
                               UNICODE_VALID_HIGH_INVALID_LOW_SURROGATE_LENGTH,
                               COMPLETE_QUERY_KEY,