Passing NULL instead of tokens array causes exception

Issue #26 invalid
Roman M.
created an issue

The overview says "Passing NULL instead of the tokens array would not store parsing results, but instead the function will return the value of tokens needed to parse the given string."

But passing NULL instead of the tokens array causes an exception on jsmn.c:263-268

Seems like there is no check for NULL.

Comments (2)

  1. Serge Zaitsev repo owner

    Can you still reproduce it? Right, there is no NULL-check in those lines (in fact, line numbers have changed since that time, but I believe we're talking about this code):

        for (i = parser->toknext - 1; i >= 0; i--) {
            /* Unmatched opened object or array */
            if (tokens[i].start != -1 && tokens[i].end == -1) {
                return JSMN_ERROR_PART;
            }
        }

    Here the loop is entered only if toknext is higher than zero. toknext is incremented in the jsmn_alloc_token function only, and that function is always executed after the NULL-check of tokens. Which implies that if "tokens" is NULL, toknext is zero and the loop is never executed.

    But maybe I'm wrong. If so, please help me reproduce this.

    One tricky thing here may happen if you executed jsmn_parse() once with non-null tokens, and then once with NULL. I don't know what the behavior should be in this case, but most likely it will result in a crash. Is this your case?
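
The reuse case raised in the last comment, as an added example that is not jsmn's code and not part of the original thread: a simplified bracket-only model of the parser state in which the trailing unmatched-token check is guarded by a NULL test and the counting pass is followed by a re-initialisation. The names `tok_t`, `parser_t`, `parser_init`, `parse`, `count_then_fill` and the error constants are hypothetical.

```c
#include <stddef.h>

/* Simplified model of the parser state discussed above (not jsmn's code). */
typedef struct { int start, end; } tok_t;
typedef struct { unsigned pos; int toknext; } parser_t;
enum { ERR_NOMEM = -1, ERR_PART = -3 };

static void parser_init(parser_t *p) { p->pos = 0; p->toknext = 0; }

/* Tokenises brackets only: '{' or '[' opens a token, '}' or ']' closes the
 * most recent open one. tokens == NULL means "count only, store nothing". */
static int parse(parser_t *p, const char *js, size_t len, tok_t *tokens, int ntok) {
    int count = p->toknext, i;
    for (; p->pos < len; p->pos++) {
        char c = js[p->pos];
        if (c == '{' || c == '[') {
            count++;
            if (tokens == NULL) continue;             /* counting mode */
            if (p->toknext >= ntok) return ERR_NOMEM;
            tokens[p->toknext].start = (int)p->pos;
            tokens[p->toknext].end = -1;
            p->toknext++;                             /* advanced only with storage */
        } else if ((c == '}' || c == ']') && tokens != NULL) {
            for (i = p->toknext - 1; i >= 0; i--) {
                if (tokens[i].end == -1) { tokens[i].end = (int)p->pos + 1; break; }
            }
        }
    }
    /* Guard: toknext can be non-zero from an earlier call that had storage,
     * so "tokens is NULL implies toknext is zero" is not relied on here. */
    if (tokens != NULL) {
        for (i = p->toknext - 1; i >= 0; i--) {
            if (tokens[i].start != -1 && tokens[i].end == -1) return ERR_PART;
        }
    }
    return count;
}

/* Two-pass use: count with NULL, re-initialise, then fill the array. */
static int count_then_fill(const char *js, size_t len, tok_t *tokens, int ntok) {
    parser_t p;
    parser_init(&p);
    int need = parse(&p, js, len, NULL, 0);
    if (need < 0 || need > ntok) return ERR_NOMEM;
    parser_init(&p);                                  /* reset pos and toknext */
    return parse(&p, js, len, tokens, ntok);
}
```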
