Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encoding/json: do not read beyond } in object #3942

gopherbot opened this issue Aug 11, 2012 · 3 comments

encoding/json: do not read beyond } in object #3942

gopherbot opened this issue Aug 11, 2012 · 3 comments


Copy link


Reproduced on encoding/json at tip. tries to decode a simple array passed over a
net.Conn. This program simulates a client connecting to a server, giving it a json
array, and then waiting for a response without sending further data.

This code causes json.Decoder to deadlock the program. Although it's successfully
decoded a complete array, it tries to read one past the end delimiter, causing another
Read() that will never be fulfilled.

Adding a space after the array closing bracket makes json.Decoder return as expected, as
it had no need to issue any more Reads to see the following byte.

This attempt to read one more byte may be a requirement of the JSON spec (which I'm not
intimate with), or it may be an off-by-one error in the decoder.

The documentation of the decoder states: "The decoder introduces its own buffering
and may read data from r beyond the JSON values requested."

I first read that to mean "Don't use the underlying io.Reader and expect to see the
bytes following the object you just decoded", which is fine and a common caveat of
such decoders. However, I really should have read it as "make sure you have some
data or an EOF after your object, or the decoder may lock up."

If that is the desired behavior, a more strongly worded warning in the docs would be
nice. If that's not desired, well, it's a bug :-).

Which compiler are you using (5g, 6g, 8g, gccgo)?


Which operating system are you using?


Which version are you using?  (run 'go version')

1.0.2, but behavior confirmed in tip's encoding/json.
Copy link

rsc commented Sep 12, 2012

Comment 1:

I always read 1 byte past the thing because in general you do need to, such as to find
where a number ends or to make sure that true is not truez (syntax error). However, for
[] and {} and "" we can avoid reading that extra byte and probably should.

Labels changed: added priority-later, removed priority-triage.

Status changed to Accepted.

Copy link

rsc commented Sep 12, 2012

Comment 2:

Labels changed: added go1.1.

Copy link

rsc commented Sep 18, 2012

Comment 3:

This issue was closed by revision ccf2b88.

Status changed to Fixed.

@rsc rsc added this to the Go1.1 milestone Apr 14, 2015
@rsc rsc removed the go1.1 label Apr 14, 2015
@golang golang locked and limited conversation to collaborators Jun 24, 2016
This issue was closed.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
None yet

No branches or pull requests

2 participants