Treat leading zeros in JSON.parse correctly.

src/json-parser.h

Index: src/json-parser.h
diff --git a/src/json-parser.h b/src/json-parser.h
index d481ed02b6744a827a98185106d560170e36ea12..60cb786d03fbcd9a7aa8ba831927252680243424 100644
--- a/src/json-parser.h
+++ b/src/json-parser.h
@@ -304,45 +304,56 @@ Handle<Object> JsonParser<seq_ascii>::ParseJsonObject() {
       Advance();
 
       uint32_t index = 0;
-      while (c0_ >= '0' && c0_ <= '9') {
-        int d = c0_ - '0';
-        if (index > 429496729U - ((d > 5) ? 1 : 0)) break;
-        index = (index * 10) + d;
-        Advance();
-      }
+      if (c0_ >= '0' && c0_ <= '9') {
+        // Maybe an array index, try to parse it.
+        if (c0_ == '0') {
+          // With a leading zero, the string has to be "0" only to be an index.
+          Advance();
+        } else {
+          do {
+            int d = c0_ - '0';
+            if (index > 429496729U - ((d > 5) ? 1 : 0)) break;
+            index = (index * 10) + d;
+            Advance();
+          } while (c0_ >= '0' && c0_ <= '9');
+        }
 
-      if (position_ != start_position + 1 && c0_ == '"') {
-        AdvanceSkipWhitespace();
+        if (position_ != start_position + 1 && c0_ == '"') {

[Toon Verwaest, 2012/10/29 11:08:22]

Now that this if moved into the parent if, the first part of the condition is
always true. We just have to check that c0_ == '"'.

[Yang, 2012/10/29 12:01:12]

Done.

+          // Successfully parsed index, parse and store element.
+          AdvanceSkipWhitespace();
 
-        if (c0_ != ':') return ReportUnexpectedCharacter();
-        AdvanceSkipWhitespace();
-        Handle<Object> value = ParseJsonValue();
-        if (value.is_null()) return ReportUnexpectedCharacter();
+          if (c0_ != ':') return ReportUnexpectedCharacter();
+          AdvanceSkipWhitespace();
+          Handle<Object> value = ParseJsonValue();
+          if (value.is_null()) return ReportUnexpectedCharacter();
 
-        JSObject::SetOwnElement(json_object, index, value, kNonStrictMode);
-      } else {
-        position_ = start_position;
+          JSObject::SetOwnElement(json_object, index, value, kNonStrictMode);
+          continue;
+        }
+        // Not an index, fallback to the slow path.
+      }
+
+      position_ = start_position;
 #ifdef DEBUG
-        c0_ = '"';
+      c0_ = '"';
 #endif
 
-        Handle<String> key = ParseJsonSymbol();
-        if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter();
+      Handle<String> key = ParseJsonSymbol();
+      if (key.is_null() || c0_ != ':') return ReportUnexpectedCharacter();
 
-        AdvanceSkipWhitespace();
-        Handle<Object> value = ParseJsonValue();
-        if (value.is_null()) return ReportUnexpectedCharacter();
+      AdvanceSkipWhitespace();
+      Handle<Object> value = ParseJsonValue();
+      if (value.is_null()) return ReportUnexpectedCharacter();
 
-        if (key->Equals(isolate()->heap()->Proto_symbol())) {
-          prototype = value;
+      if (key->Equals(isolate()->heap()->Proto_symbol())) {
+        prototype = value;
+      } else {
+        if (JSObject::TryTransitionToField(json_object, key)) {
+          int index = json_object->LastAddedFieldIndex();
+          json_object->FastPropertyAtPut(index, *value);
         } else {
-          if (JSObject::TryTransitionToField(json_object, key)) {
-            int index = json_object->LastAddedFieldIndex();
-            json_object->FastPropertyAtPut(index, *value);
-          } else {
-            JSObject::SetLocalPropertyIgnoreAttributes(
-                json_object, key, value, NONE);
-          }
+          JSObject::SetLocalPropertyIgnoreAttributes(
+              json_object, key, value, NONE);
         }
       }
     } while (MatchSkipWhiteSpace(','));