Skip to content

Fix crash when HttpResponseDecoder receives non-JSON response #1405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
hanselip wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Fix crash when HttpResponseDecoder receives non-JSON response #1405

hanselip wants to merge 4 commits into from

Conversation

@hanselip
Copy link
Member

@hanselip hanselip commented Jan 23, 2026

Summary

This PR fixes issue #1338 where the application crashes when HttpResponseDecoder::processBody receives a non-JSON HTTP response (e.g., HTML from captive portals or network sign-in pages).

Changes

  • Added validation before JSON parsing in processBody method
  • Uses nlohmann::json::accept() to validate response body before attempting to parse
  • Logs an error and returns early if the response is not valid JSON, preventing crashes

Problem

When a network request returns a non-JSON response (such as HTML from a captive portal), the library attempts to parse it as JSON, causing a crash in the nlohmann::json::parse() function.

Solution

The fix adds a check using nlohmann::json::accept() which safely validates whether the response body is valid JSON before attempting to parse it. If validation fails, the function logs an error and returns early.

Testing

  • The fix uses the built-in nlohmann::json::accept() method which is designed for safe validation
  • The try-catch block still provides additional protection for any unexpected parsing errors
  • CI tests will validate that existing functionality remains intact

Fixes #1338

@hanselip hanselip requested a review from a team as a code owner January 23, 2026 21:01
lalitb
lalitb reviewed Jan 28, 2026
View reviewed changes
ThomsonTan
ThomsonTan reviewed Jan 28, 2026
View reviewed changes
lib/http/HttpResponseDecoder.cpp Outdated
std::string body(response.GetBody().begin(), response.GetBody().end());

// Validate that the body is valid JSON before attempting to parse
if (body.empty() || !nlohmann::json::accept(body))
Copy link
Contributor

@ThomsonTan ThomsonTan Jan 28, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The wrapper try/catch seems no longer needed with this validation?

Copy link
Member Author

@hanselip hanselip Jan 28, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! With the validation approach using parse() with allow_exceptions=false, the try/catch wrapper is no longer needed. I've removed it in the latest commit.

The function now handles invalid JSON gracefully through return value checking rather than exception handling, making the code cleaner and more efficient.

Changes pushed in commit ab8790c.

hanselip pushed a commit that referenced this pull request Jan 28, 2026
@claude
Address PR #1405 review: use parse with exceptions disabled
ab8790c 
Replace double-parsing approach (accept() then parse()) with single
parse() call using allow_exceptions=false and is_discarded() check.
This eliminates redundant parsing and removes the need for try/catch.

Addresses review comments from lalitb and ThomsonTan.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Hansel Ip and others added 2 commits January 28, 2026 13:04
@claude @ThomsonTan
Fix crash when HttpResponseDecoder receives non-JSON response
374a971 
Add validation before JSON parsing in processBody to prevent crashes
when receiving non-JSON HTTP responses (e.g., HTML from captive portals).
Uses nlohmann::json::accept() to validate response body before parsing.

Fixes #1338

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@claude @ThomsonTan
Address PR #1405 review: use parse with exceptions disabled
ca99f1c 
Replace double-parsing approach (accept() then parse()) with single
parse() call using allow_exceptions=false and is_discarded() check.
This eliminates redundant parsing and removes the need for try/catch.

Addresses review comments from lalitb and ThomsonTan.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
@ThomsonTan ThomsonTan force-pushed the fix-json-parse-crash branch from ab8790c to ca99f1c Compare January 28, 2026 21:04
@claude
Use iterators directly in parse() to avoid copying body
f88a641 
Pass body iterators directly to nlohmann::json::parse() instead of
copying into std::string first. This improves performance by avoiding
unnecessary memory allocation and copy.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
ThomsonTan
ThomsonTan reviewed Jan 29, 2026
View reviewed changes
@claude
Remove unnecessary inner scope block
54de017 
Remove the leftover scope braces from the try/catch removal and fix
indentation for cleaner code structure.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ThomsonTan ThomsonTan ThomsonTan left review comments

@lalitb lalitb lalitb left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Crash when HttpResponseDecoder::processBody doesn't get JSON response

4 participants

@hanselip @ThomsonTan @lalitb