`EnumAccess.variant` can parse non-string JSON object member names

[Marcono1234]

Version

1.0.91

Description

When visit_enum is used for a JSON object, then EnumAccess.variant can parse non-string JSON object member names, which is malformed JSON. The reason for this is likely that the following line does not enforce that the next value is a string:

json/src/de.rs

Line 2019 in e41ee42

let val = tri!(seed.deserialize(&mut *self.de));

Reproducer code

use serde::de::{Deserializer, VariantAccess, Visitor};

struct V;
impl<'de> Visitor<'de> for V {
    type Value = (Vec<bool>, ());

    fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
        write!(formatter, "enum")
    }

    fn visit_enum<A>(self, data: A) -> Result<Self::Value, A::Error>
    where
        A: serde::de::EnumAccess<'de>,
    {
        // Issue is here: Implementation for serde_json's internal VariantAccess struct
        // reads object member as regular value, without enforcing that it is a string
        let (key, variant_access) = data.variant()?;
        let value = variant_access.newtype_variant()?;
        Ok((key, value))
    }
}

fn main() {
    let mut de = serde_json::Deserializer::from_str("{[true]: null}");
    let entry = de.deserialize_enum("name", &[], V).unwrap();
    println!("entry: {entry:?}");
    de.end().unwrap();
}

This deserializes the malformed JSON object {[true]: null} without reporting any error.