Fix SEGV crash caused by Value(s) appended to itself.

Copying such Value(s) causes infinite recursion on `dupPayload` call.
2021-10-20 15:38:13 +09:00 · 2021-10-20 15:38:13 +09:00 · 897f3d50aa
commit 897f3d50aa
parent 94a6220f7c
2 changed files with 6 additions and 0 deletions
--- a/src/lib_json/json_value.cpp
+++ b/src/lib_json/json_value.cpp
@ -1128,6 +1128,8 @@ Value& Value::append(const Value& value) { return append(Value(value)); }
 Value& Value::append(Value&& value) {
  JSON_ASSERT_MESSAGE(type() == nullValue || type() == arrayValue,
                      "in Json::Value::append: requires arrayValue");
+  JSON_ASSERT_MESSAGE(&value != this,
+                      "in Json::Value::append: appending self using move constructor is forbidden.");
  if (type() == nullValue) {
    *this = Value(arrayValue);
  }
--- a/src/test_lib_json/main.cpp
+++ b/src/test_lib_json/main.cpp
@ -2136,6 +2136,10 @@ JSONTEST_FIXTURE_LOCAL(ValueTest, searchValueByPath) {
    JSONTEST_ASSERT_STRING_EQUAL(expected, outcome);
  }
 }
+JSONTEST_FIXTURE_LOCAL(ValueTest, valueAppendingSelf) {
+  Json::Value value1{Json::ValueType::nullValue}, value2;
+  JSONTEST_ASSERT_THROWS(value2 = value1.append(std::move(value1)));
+}
 struct FastWriterTest : JsonTest::TestCase {};

 JSONTEST_FIXTURE_LOCAL(FastWriterTest, dropNullPlaceholders) {