encoding/json: validate strings when decoding into Number

Unmarshaling a string into a json.Number should first check that the string is a valid Number. If not, we should fail without decoding it. Fixes #14702 Change-Id: I286178e93df74ad63c0a852c3f3489577072cf47 GitHub-Last-Rev: fe69bb68eed06d056639f440d2daf4bb7c99013b GitHub-Pull-Request: golang/go#34272 Reviewed-on: https://go-review.googlesource.com/c/go/+/195045 Reviewed-by: Daniel Martí <mvdan@mvdan.cc> Run-TryBot: Daniel Martí <mvdan@mvdan.cc> TryBot-Result: Gobot Gobot <gobot@golang.org>
author: Lucas Bremgartner <lucas@bremis.ch> 2019-09-16 19:46:12 +0000
committer: Daniel Martí <mvdan@mvdan.cc> 2019-09-16 21:56:53 +0000
commit: c1000c500cb4cec2991f8c1924cd5fff05279658 (patch)
tree: 437a1dba9133567ff611ffad29f926971f88e2d7 /src/encoding/json/decode.go
parent: 0e0bff840e3cd041aa9d103c6135862faae9c03f (diff)
download: go-c1000c500cb4cec2991f8c1924cd5fff05279658.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/src/encoding/json/decode.go b/src/encoding/json/decode.go
index 360fc69d04..407fbcedbe 100644
--- a/src/encoding/json/decode.go
+++ b/src/encoding/json/decode.go
@@ -949,6 +949,9 @@ func (d *decodeState) literalStore(item []byte, v reflect.Value, fromQuoted bool
 			}
 			v.SetBytes(b[:n])
 		case reflect.String:
+			if v.Type() == numberType && !isValidNumber(string(s)) {
+				return fmt.Errorf("json: invalid number literal, trying to unmarshal %q into Number", item)
+			}
 			v.SetString(string(s))
 		case reflect.Interface:
 			if v.NumMethod() == 0 {
author	Lucas Bremgartner <lucas@bremis.ch>	2019-09-16 19:46:12 +0000
committer	Daniel Martí <mvdan@mvdan.cc>	2019-09-16 21:56:53 +0000
commit	c1000c500cb4cec2991f8c1924cd5fff05279658 (patch)
tree	437a1dba9133567ff611ffad29f926971f88e2d7 /src/encoding/json/decode.go
parent	0e0bff840e3cd041aa9d103c6135862faae9c03f (diff)
download	go-c1000c500cb4cec2991f8c1924cd5fff05279658.tar.xz