-
Notifications
You must be signed in to change notification settings - Fork 596
Open
Labels
Description
Version
1.0.91
Description
When visit_enum
is used for a JSON object, then EnumAccess.variant
can parse non-string JSON object member names, which is malformed JSON. The reason for this is likely that the following line does not enforce that the next value is a string:
Line 2019 in e41ee42
let val = tri!(seed.deserialize(&mut *self.de)); |
Reproducer code
use serde::de::{Deserializer, VariantAccess, Visitor};
struct V;
impl<'de> Visitor<'de> for V {
type Value = (Vec<bool>, ());
fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
write!(formatter, "enum")
}
fn visit_enum<A>(self, data: A) -> Result<Self::Value, A::Error>
where
A: serde::de::EnumAccess<'de>,
{
// Issue is here: Implementation for serde_json's internal VariantAccess struct
// reads object member as regular value, without enforcing that it is a string
let (key, variant_access) = data.variant()?;
let value = variant_access.newtype_variant()?;
Ok((key, value))
}
}
fn main() {
let mut de = serde_json::Deserializer::from_str("{[true]: null}");
let entry = de.deserialize_enum("name", &[], V).unwrap();
println!("entry: {entry:?}");
de.end().unwrap();
}
This deserializes the malformed JSON object {[true]: null}
without reporting any error.