Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

decode(state, codep, byte) generates warnings. #3837

Closed
1 of 2 tasks
SimonPeacock opened this issue Nov 15, 2022 · 3 comments · Fixed by #3888
Closed
1 of 2 tasks

decode(state, codep, byte) generates warnings. #3837

SimonPeacock opened this issue Nov 15, 2022 · 3 comments · Fixed by #3888
Assignees
Labels
kind: bug solution: proposed fix a fix for the issue has been proposed and waits for confirmation

Comments

@SimonPeacock
Copy link

Description

Quite minor.. BUT

json.hpp, line 18822 ..
1/ the third parameter is named byte, 'byte' is also a 'type' and may lead to confusion.
It is also a public variable used in parse_error class which isn't an 8-bit value (json.hpp, line 4440)

2/ JSON_ASSERT(byte < utf8d.size()); (json.hpp, line 18844)
Since byte is declared as an uint8_t, its range is 0 < byte < 256.
This means the assert on an array of size 400 will never fail. VS2019 sometimes produces a warning for this.

3/ JSON_ASSERT(index < 400); (json.hpp, line 18852)
Shouldn't this be
JSON_ASSERT(index < utf8d.size());

Simon

Reproduction steps

"Build"->"Run Code Analyzer on Solution"

Expected vs. actual results

n/a

Minimal code example

No response

Error messages

Warning	C28020	The expression '0<=_Param_(1)&&_Param_(1)<=400-1' is not true at this call.

This message doesn't always show up, I ended up analyzing the code ("Build"->"Run Code Analyzer on Solution")

Compiler and operating system

Windows 10, Microsoft Visual Studio Professional 2019

Library version

version 3.10.4

Validation

@falbrechtskirchinger
Copy link
Contributor

json.hpp, line 18822 .. 1/ the third parameter is named byte, 'byte' is also a 'type' and may lead to confusion. It is also a public variable used in parse_error class which isn't an 8-bit value (json.hpp, line 4440)

I'm not too concerned about confusion with std::byte, especially since decode() is an internal function.
We can't change a public member variable name until 4.0.0.

2/ JSON_ASSERT(byte < utf8d.size()); (json.hpp, line 18844) Since byte is declared as an uint8_t, its range is 0 < byte < 256. This means the assert on an array of size 400 will never fail. VS2019 sometimes produces a warning for this.

I'd be OK with either re-writing or completely removing the assertion.

3/ JSON_ASSERT(index < 400); (json.hpp, line 18852) Shouldn't this be JSON_ASSERT(index < utf8d.size());

Yes.

@gregmarr
Copy link
Contributor

It is also a public variable used in parse_error class which isn't an 8-bit value (json.hpp, line 4440)

That's fine. byte by itself is not a reserved word. It is referring to the particular byte in the stream, so it is a perfectly reasonable name. We could change it to byte_index but I don't think that's necessary.

@nlohmann
Copy link
Owner

My 2 cents:

  1. The name byte makes sense here: the variable actually is a byte; this name is also used on http://bjoern.hoehrmann.de/utf-8/decoder/dfa/ where we got the code from. I would leave it as is. As @gregmarr pointed out, we can't rename detail::parse_error::byte as it would be a breaking change.
  2. I'd like to leave the assertion there, because it documents that we are on the safe side to access the array at that index. Removing the assertion because it just cannot happen would then yield a comment that basically states the same: it is safe to use that untrusted value as array index. I'd rather have code than comments here.
  3. Right - 400 is an unnecessary magic number here, and utf8d.size() much more expressive.

I'll create a merge request.

@nlohmann nlohmann self-assigned this Dec 18, 2022
@nlohmann nlohmann added the solution: proposed fix a fix for the issue has been proposed and waits for confirmation label Dec 18, 2022
@nlohmann nlohmann added this to the Release 3.11.3 milestone Dec 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind: bug solution: proposed fix a fix for the issue has been proposed and waits for confirmation
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants