From 49aa2c8e5675f8e79fb362ce024ad84bc9c39ef1 Mon Sep 17 00:00:00 2001
From: Jonas Tarnstrom <jonas.tarnstrom@esn.me>
Date: Tue, 14 Aug 2012 11:24:08 +0200
Subject: [PATCH] Decoder now properly handles detection of trailing commas in
 arrays and trailing data at end of input

---
 lib/ultrajsondec.c | 42 +++++++++++++++++++++++++++++++++++-------
 1 file changed, 35 insertions(+), 7 deletions(-)

diff --git a/lib/ultrajsondec.c b/lib/ultrajsondec.c
index 947355e5..7af50b04 100644
--- a/lib/ultrajsondec.c
+++ b/lib/ultrajsondec.c
@@ -67,6 +67,11 @@ static JSOBJ SetError( struct DecoderState *ds, int offset, const char *message)
     return NULL;
 }
 
+static void ClearError( struct DecoderState *ds)
+{
+    ds->dec->errorOffset = 0;
+    ds->dec->errorStr = NULL;
+}
 
 FASTCALL_ATTR JSOBJ FASTCALL_MSVC decode_numeric ( struct DecoderState *ds)
 {
@@ -637,24 +642,38 @@ FASTCALL_ATTR JSOBJ FASTCALL_MSVC decode_array( struct DecoderState *ds)
 {
     JSOBJ itemValue;
     JSOBJ newObj = ds->dec->newArray();
+    int len = 0;
 
     ds->lastType = JT_INVALID;
     ds->start ++;
+    
 
     while (1)//(*ds->start) != '\0')
     {
         SkipWhitespace(ds);
 
-        if ((*ds->start) == ']')
-        {
-            ds->start++;
-            return newObj;
-        }
-
         itemValue = decode_any(ds);
 
         if (itemValue == NULL)
         {
+            switch (*(ds->start++))
+            {
+                case ']':
+                    if (len > 0)
+                    {
+                        ds->dec->releaseObject(newObj);
+                        return SetError(ds, -1, "Unexpected trailing comma in array");
+                    }
+                    // We end up here when decoding empty lists "[]"
+                    ClearError(ds);
+                    return newObj;
+
+                default:
+                    ds->dec->releaseObject(newObj);
+                    return SetError(ds, -1, "Unexpected character in found when decoding array value");
+            }
+        
+        
             ds->dec->releaseObject(newObj);
             return NULL;
         }
@@ -675,6 +694,8 @@ FASTCALL_ATTR JSOBJ FASTCALL_MSVC decode_array( struct DecoderState *ds)
                 ds->dec->releaseObject(newObj);
                 return SetError(ds, -1, "Unexpected character in found when decoding array value");
         }
+        
+        len ++;
     }
 
     ds->dec->releaseObject(newObj);
@@ -793,7 +814,7 @@ FASTCALL_ATTR JSOBJ FASTCALL_MSVC decode_any(struct DecoderState *ds)
                 // White space
                 ds->start ++;
                 break;
-
+                
             default:
                 return SetError(ds, -1, "Expected object or value");
         }
@@ -828,5 +849,12 @@ JSOBJ JSON_DecodeObject(JSONObjectDecoder *dec, const char *buffer, size_t cbBuf
     {
         dec->free(ds.escStart);
     }
+
+    if (ds.start != ds.end && ret)
+    {
+        dec->releaseObject(ret);    
+        return SetError(&ds, -1, "Trailing data");
+    }
+
     return ret;
 }