patch 8.0.1602: crash in parsing JSON

Problem:    Crash in parsing JSON.
Solution:   Fail when using array or dict as dict key. (Damien)

Author: brammool

src/json.c

@@ -621,7 +621,9 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
 	if (top_item != NULL && top_item->jd_type == JSON_OBJECT_KEY
 		&& (options & JSON_JS)
 		&& reader->js_buf[reader->js_used] != '"'
-		&& reader->js_buf[reader->js_used] != '\'')
+		&& reader->js_buf[reader->js_used] != '\''
+		&& reader->js_buf[reader->js_used] != '['
+		&& reader->js_buf[reader->js_used] != '{')
 	{
 	    char_u *key;
 
@@ -642,6 +644,11 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
 	    switch (*p)
 	    {
 		case '[': /* start of array */
+		    if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+		    {
+			retval = FAIL;
+			break;
+		    }
 		    if (ga_grow(&stack, 1) == FAIL)
 		    {
 			retval = FAIL;
@@ -668,6 +675,11 @@ json_decode_item(js_read_T *reader, typval_T *res, int options)
 		    continue;
 
 		case '{': /* start of object */
+		    if (top_item && top_item->jd_type == JSON_OBJECT_KEY)
+		    {
+			retval = FAIL;
+			break;
+		    }
 		    if (ga_grow(&stack, 1) == FAIL)
 		    {
 			retval = FAIL;

src/testdir/test_json.vim

@@ -179,6 +179,9 @@ func Test_json_decode()
   call assert_fails('call json_decode("[1 2]")', "E474:")
 
   call assert_fails('call json_decode("[1,,2]")', "E474:")
+
+  call assert_fails('call json_decode("{{}:42}")', "E474:")
+  call assert_fails('call json_decode("{[]:42}")', "E474:")
 endfunc
 
 let s:jsl5 = '[7,,,]'

src/version.c

@@ -766,6 +766,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    1602,
 /**/
     1601,
 /**/