Page MenuHomePhabricator
Create Task
Maniphest T107132

Incorrect JSON decoding in HHVM 3.6.5+dfsg1-1+wm1
Closed, DuplicatePublic
Actions

Description

Test code:

<?php

function test( $test ) {
	$res = json_decode( $test );
	$err = $res === null ? ' (' . json_last_error_msg() . ')' : '';
	echo "$test => " . var_export( json_decode( $test ), 1 ) . "$err\n";
}

echo PHP_VERSION . "\n";

echo "\nPassing tests:\n";
test( '"true"' );
test( 'true' );
test( '"false"' );
test( 'false' );
test( '"null"' );
test( 'null' );

echo "\nShould fail:\n";
test( 'trueOBVIOUSLYnot' );
test( 'falseOBVIOUSLYnot' );
test( 'nullOBVIOUSLYnot' );
test( 'true, {} nil; [] false' );

Result in HHVM 3.6.5+dfsg1-1+wm1:

$ php test-107132.php 
5.6.99-hhvm

Passing tests:
"true" => 'true'
true => true
"false" => 'false'
false => false
"null" => 'null'
null => NULL (No error)

Should fail:
trueOBVIOUSLYnot => true
falseOBVIOUSLYnot => false
nullOBVIOUSLYnot => NULL (No error)
true, {} nil; [] false => true

Result in 5.5.9+dfsg-1ubuntu4.11:

5.5.9-1ubuntu4.11

Passing tests:
"true" => 'true'
true => true
"false" => 'false'
false => false
"null" => 'null'
null => NULL (No error)

Should fail:
trueOBVIOUSLYnot => NULL (unexpected character)
falseOBVIOUSLYnot => NULL (unexpected character)
nullOBVIOUSLYnot => NULL (unexpected character)
true, {} nil; [] false => NULL (unexpected character)

Tim reports this is fixed in the newest upstream versions, although the linked diff seems too old. It looks like it actually depends on whether HHVM is compiled to use json-c over its internal "no evil"-licensed version.

According to the documentation for json-c's json_tokener_parse_ex(), HHVM should be performing an additional check that it isn't performing. Upstream bug report is https://github.com/facebook/hhvm/issues/5812.

Related Objects

Event Timeline

Danny_B created this task.Jul 28 2015, 6:15 AM
Danny_B raised the priority of this task from to High.
Danny_B updated the task description. (Show Details)
Danny_B added subscribers: Danny_B, Anomie, tstarling.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 28 2015, 6:15 AM
Danny_B added a project: Scribunto.Jul 28 2015, 6:15 AM
Danny_B set Security to None.
tstarling added a comment.Jul 28 2015, 6:39 AM

This is apparently due to a fixed bug in json_decode(). I can reproduce it on a random appserver with hhvm -md, but not locally with a more recent HHVM build. Looking through recent changes to ext_json.cpp, this seems like the most likely bugfix commit: https://github.com/facebook/hhvm/commit/04fd8890b2b9853a51f541f90170ead76da9174b

Aklapper added a project: HHVM.Jul 28 2015, 9:52 AM
Anomie renamed this task from Incorrect JSON decoding in mw.text.jsonDecode() to Incorrect JSON decoding in HHVM 3.6.5+dfsg1-1+wm1.Jul 28 2015, 2:58 PM
Anomie updated the task description. (Show Details)
Anomie edited projects, added Upstream; removed Scribunto.
Ricordisamoa moved this task from Backlog to Reported Upstream on the Upstream board.Jan 13 2016, 2:34 PM
Ricordisamoa subscribed.
Krinkle moved this task from Backlog to Defect on the HHVM board.Feb 21 2016, 5:56 PM
Krinkle moved this task from Defect to Blocked on the HHVM board.
Krinkle moved this task from Blocked to Defect on the HHVM board.
ori mentioned this in T128029: TemplateData's PHP JSON validation isn't strict enough because WMF cluster's HHVM allows trailing commas.Mar 6 2016, 9:16 AM
ori closed this task as a duplicate of T128029: TemplateData's PHP JSON validation isn't strict enough because WMF cluster's HHVM allows trailing commas.
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:41 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits