From c4512b110ad6bb94465007a9c201d0dfe0e82cc3 Mon Sep 17 00:00:00 2001
From: Yann Ylavic
Date: Mon, 18 Mar 2024 15:31:41 +0000
Subject: [PATCH] apr_escape_json(): Don't truncate escaped \uXXXX characters.
apr_snprintf() takes the buffer size (including NUL).
While at it add a test for control characters escaping.
git-svn-id: https://svn.apache.org/repos/asf/apr/apr/trunk@1916391 13f79535-47bb-0310-9956-ffa450edef68
---
 encoding/apr_escape.c | 7 ++++---
 test/testescape.c | 4 ++--
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/encoding/apr_escape.c b/encoding/apr_escape.c
index 97235b93fa..4cbcc487c6 100644
--- a/encoding/apr_escape.c
+++ b/encoding/apr_escape.c
@@ -1275,8 +1275,9 @@ APR_DECLARE(apr_status_t) apr_escape_json(char *escaped, const char *str,
 break;
 default:
 if (c < 0x20) {
- size += apr_snprintf((char *)d, 6, "\\u%04x", c);
- d += 5;
+ apr_snprintf((char *)d, 7, "\\u%04x", c);
+ size += 6;
+ d += 6;
 found = 1;
 }
 else if (((c >> 7) == 0x00)) {
@@ -1374,7 +1375,7 @@ APR_DECLARE(apr_status_t) apr_escape_json(char *escaped, const char *str,
 break;
 default:
 if (c < 0x20) {
- size += 5;
+ size += 6; /* \uXXXX */
 found = 1;
 }
 else if (((c >> 7) == 0x00)) {
diff --git a/test/testescape.c b/test/testescape.c
index f73a3dbcc7..f7884729bd 100644
--- a/test/testescape.c
+++ b/test/testescape.c
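Review bot: In the write path of apr_escape_json() (first hunk) the width of a `\uXXXX` escape now appears as three bare literals (`7`, `6`, `6`), and again as `size += 6` in the length-only path of the second hunk, with nothing tying them together. The output buffer is presumably sized from the length-only pass, so if the two passes ever drift apart the result is an out-of-bounds write, not just truncated output. A single file-local constant would keep them in step, e.g. `apr_snprintf((char *)d, JSON_UESC_LEN + 1, "\\u%04x", c);` followed by `size += JSON_UESC_LEN;` and `d += JSON_UESC_LEN;`, where the name is only a suggestion. The first hunk should also carry a comment like the second one does, for instance `/* \uXXXX is 6 bytes; apr_snprintf() also stores a NUL at d[6], overwritten by the next write or the final terminator */`. Both hunks sit inside function bodies that start and end outside the visible lines, so the buffer sizing itself cannot be confirmed from here.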
@@ -304,8 +304,8 @@ static void test_escape(abts_case *tc, void *data)
 (len == strlen(dest) + 1));
 /* all ascii */
- src = " !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
- target = " !\\\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
+ src = "\x01\b\f\n\r\t\\ !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
+ target = "\\u0001\\b\\f\\n\\r\\t\\\\ !\\\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\\\]^_`abcdefghijklmnopqrstuvwxyz{|}~";
 dest = apr_pescape_json(pool, src, APR_ESCAPE_STRING, 0);
 ABTS_ASSERT(tc, apr_psprintf(pool, "json escaped (%s) does not match expected output (%s)",
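Review bot: The new `src` exercises the `\uXXXX` branch only with `\x01` at the very start of the string, so the case where a control byte is the last input character is not covered. That is the position where the NUL stored by `apr_snprintf(..., 7, ...)` lands on the final byte of the output buffer, which makes it the case most worth running under a memory checker. A second pair such as `src = "a\x1f";` with `target = "a\\u001f";` would pin both that end-of-buffer write and the upper boundary of the `c < 0x20` range. The `/* all ascii */` comment could also become `/* all ascii, including control characters */`. The ABTS_ASSERT call at the end of the hunk continues outside the visible lines.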