Reject unescaped control characters in JSON strings (#1663)

RFC 8259 requires that control characters (U+0000-U+001F) be escaped
when they appear inside strings. jsoncpp previously accepted them
silently. Add a check in Reader::decodeString and
OurReader::decodeString to return an error when an unescaped control
character is encountered.

Fixes #1546

Author: baylesj

src/lib_json/json_reader.cpp

@@ -655,6 +655,8 @@ bool Reader::decodeString(Token& token, String& decoded) {
         return addError("Bad escape sequence in string", token, current);
       }
     } else {
+      if (static_cast<unsigned char>(c) < 0x20)
+        return addError("Control character in string", token, current - 1);
       decoded += c;
     }
   }
@@ -1690,6 +1692,8 @@ bool OurReader::decodeString(Token& token, String& decoded) {
         return addError("Bad escape sequence in string", token, current);
       }
     } else {
+      if (static_cast<unsigned char>(c) < 0x20)
+        return addError("Control character in string", token, current - 1);
       decoded += c;
     }
   }

test/data/fail_test_control_char_01.json

@@ -0,0 +1 @@
+"
"