Diffstat (limited to 'json/src')
-rw-r--r--json/src/main/java/org/json/JSONTokener.java11
-rw-r--r--json/src/test/java/org/json/JSONObjectTest.java9
2 files changed, 14 insertions, 6 deletions
diff --git a/json/src/main/java/org/json/JSONTokener.java b/json/src/main/java/org/json/JSONTokener.java
index 202e2e6..8caecc8 100644
--- a/json/src/main/java/org/json/JSONTokener.java
+++ b/json/src/main/java/org/json/JSONTokener.java
@@ -188,8 +188,6 @@ public class JSONTokener {
* not include it in the returned string.
*
* @param quote either ' or ".
- * @throws NumberFormatException if any unicode escape sequences are
- * malformed.
*/
public String nextString(char quote) throws JSONException {
/*
@@ -235,9 +233,6 @@ public class JSONTokener {
* immediately follow a backslash. The backslash '\' should have already
* been read. This supports both unicode escapes "u000A" and two-character
* escapes "\n".
- *
- * @throws NumberFormatException if any unicode escape sequences are
- * malformed.
*/
private char readEscapeCharacter() throws JSONException {
char escaped = in.charAt(pos++);
@@ -248,7 +243,11 @@ public class JSONTokener {
}
String hex = in.substring(pos, pos + 4);
pos += 4;
- return (char) Integer.parseInt(hex, 16);
+ try {
+ return (char) Integer.parseInt(hex, 16);
+ } catch (NumberFormatException nfe) {
+ throw syntaxError("Invalid escape sequence: " + hex);
+ }
case 't':
return '\t';
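Review bot: The new try/catch around `Integer.parseInt(hex, 16)` still lets some malformed escapes through, because parseInt accepts a leading sign and, via Character.digit, non-ASCII digit characters. A four-character run such as `-00A` parses and is cast to a char instead of raising a syntax error. Lenient decoding like this is a source of parser differentials between this tokener and stricter JSON consumers that see the same input. Checking that each of the four characters is an ASCII hex digit while building the value closes the gap and removes the need to catch NumberFormatException. readEscapeCharacter starts before this hunk and its switch continues after it; the length guard ahead of `in.substring` is assumed to be the block closed by the `}` at the top of the hunk.

```java
String hex = in.substring(pos, pos + 4);
pos += 4;
int codeUnit = 0;
for (int i = 0; i < 4; i++) {
    char c = hex.charAt(i);
    int digit;
    if (c >= '0' && c <= '9') {
        digit = c - '0';
    } else if (c >= 'a' && c <= 'f') {
        digit = c - 'a' + 10;
    } else if (c >= 'A' && c <= 'F') {
        digit = c - 'A' + 10;
    } else {
        // Rejects signs, whitespace and non-ASCII digits that parseInt would accept.
        throw syntaxError("Invalid escape sequence: " + hex);
    }
    codeUnit = (codeUnit << 4) | digit;
}
return (char) codeUnit;
// … unchanged: remaining escape cases ('t', …) …
```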
diff --git a/json/src/test/java/org/json/JSONObjectTest.java b/json/src/test/java/org/json/JSONObjectTest.java
index e89db94..a1b7b13 100644
--- a/json/src/test/java/org/json/JSONObjectTest.java
+++ b/json/src/test/java/org/json/JSONObjectTest.java
@@ -1029,4 +1029,13 @@ public class JSONObjectTest extends TestCase {
} catch (JSONException e) {
}
}
+
+ // https://code.google.com/p/android/issues/detail?id=103641
+ public void testInvalidUnicodeEscape() {
+ try {
+ new JSONObject("{\"q\":\"\\u\", \"r\":[]}");
+ fail();
+ } catch (JSONException expected) {
+ }
+ }
}
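Review bot: testInvalidUnicodeEscape pins only one malformed shape, a `\u` followed by non-hex punctuation, and asserts nothing about the failure beyond its type. Escapes whose four characters carry a sign are not covered, and Integer.parseInt accepts those, so the test passes while that form is still decoded silently. Adding one case per malformed shape (signed, and truncated at end of input) would document which ones are meant to be rejected, for example `new JSONObject("{\"q\":\"\\u-00A\"}");` inside the same try/fail pattern.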