From 631c21e9c467c310a22f5276a2ee0f1aa65359ce Mon Sep 17 00:00:00 2001
From: Daniel Kulp <dan@kulp.com>
Date: Tue, 6 Dec 2022 17:22:01 -0500
Subject: [PATCH] Try and fix backslash escaping.  Throw syntax exception on
 invalid json sooner

---
 .../org/codehaus/jettison/json/JSONObject.java     | 14 +++++++-------
 .../org/codehaus/jettison/json/JSONObjectTest.java |  9 +++++++--
 2 files changed, 14 insertions(+), 9 deletions(-)

diff --git a/src/main/java/org/codehaus/jettison/json/JSONObject.java b/src/main/java/org/codehaus/jettison/json/JSONObject.java
index 5c9ff4d..47043ee 100644
--- a/src/main/java/org/codehaus/jettison/json/JSONObject.java
+++ b/src/main/java/org/codehaus/jettison/json/JSONObject.java
@@ -220,6 +220,8 @@ public JSONObject(JSONTokener x) throws JSONException {
                 throw x.syntaxError("A JSONObject text must end with '}'");
             case '}':
                 return;
+            case '{':
+                throw x.syntaxError("Expected a key");                
             default:
                 x.back();
                 key = x.nextValue().toString();
@@ -1041,15 +1043,13 @@ public static String quote(String string, boolean escapeForwardSlashAlways) {
             c = string.charAt(i);
             switch (c) {
             case '\\':
-                // Escape a backslash, but only if it isn't already escaped
-                if (i == len - 1 || string.charAt(i + 1) != '\\') {
-                    sb.append('\\');
-                }
-                sb.append(c);
+                sb.append("\\\\");
+                //if (i < (len - 1) && string.charAt(i+1) == '\\') {
+                //    i++;
+                //}
                 break;
             case '"':
-                sb.append('\\');
-                sb.append(c);
+                sb.append("\\\"");
                 break;
             case '/':
             	if (escapeForwardSlashAlways || i > 0 && string.charAt(i - 1) == '<') {
diff --git a/src/test/java/org/codehaus/jettison/json/JSONObjectTest.java b/src/test/java/org/codehaus/jettison/json/JSONObjectTest.java
index 4125c9d..a2299b3 100644
--- a/src/test/java/org/codehaus/jettison/json/JSONObjectTest.java
+++ b/src/test/java/org/codehaus/jettison/json/JSONObjectTest.java
@@ -87,7 +87,11 @@ public void testMissingIsNull() throws Exception {
     public void testSlashEscapingTurnedOnByDefault() throws Exception {
        JSONObject obj = new JSONObject();
        obj.put("key", "http://example.com/foo");
-       assertEquals(obj.toString(), "{\"key\":\"http:\\/\\/example.com\\/foo\"}");
+       assertEquals("{\"key\":\"http:\\/\\/example.com\\/foo\"}", obj.toString());
+        
+        obj = new JSONObject();
+        obj.put("key", "\\\\");
+        assertEquals("{\"key\":\"\\\\\\\\\"}", obj.toString());
     }
     
     public void testForwardSlashEscapingModifiedfBySetter() throws Exception {
@@ -183,13 +187,14 @@ public void testFuzzerTestCase() throws Exception, JSONException {
             fail("Failure expected");
         } catch (JSONException ex) {
             // expected
+            assertTrue(ex.getMessage().contains("Expected a key"));
         }
     }
 
     public void testFuzzerTestCase2() throws Exception {
         StringBuilder sb = new StringBuilder();
         for (int i = 0; i < 100000; i++) {
-            sb.append("{");
+            sb.append("{\"key\":");
         }
         try {
             new JSONObject(sb.toString());