Skip to content

EnumAccess.variant can parse non-string JSON object member names #979

@Marcono1234

Description

@Marcono1234

Version

1.0.91

Description

When visit_enum is used for a JSON object, then EnumAccess.variant can parse non-string JSON object member names, which is malformed JSON. The reason for this is likely that the following line does not enforce that the next value is a string:

json/src/de.rs

Line 2019 in e41ee42

let val = tri!(seed.deserialize(&mut *self.de));

Reproducer code

use serde::de::{Deserializer, VariantAccess, Visitor};

struct V;
impl<'de> Visitor<'de> for V {
    type Value = (Vec<bool>, ());

    fn expecting(&self, formatter: &mut std::fmt::Formatter) -> std::fmt::Result {
        write!(formatter, "enum")
    }

    fn visit_enum<A>(self, data: A) -> Result<Self::Value, A::Error>
    where
        A: serde::de::EnumAccess<'de>,
    {
        // Issue is here: Implementation for serde_json's internal VariantAccess struct
        // reads object member as regular value, without enforcing that it is a string
        let (key, variant_access) = data.variant()?;
        let value = variant_access.newtype_variant()?;
        Ok((key, value))
    }
}

fn main() {
    let mut de = serde_json::Deserializer::from_str("{[true]: null}");
    let entry = de.deserialize_enum("name", &[], V).unwrap();
    println!("entry: {entry:?}");
    de.end().unwrap();
}

This deserializes the malformed JSON object {[true]: null} without reporting any error.

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions