Also undo NULL check in json_tokener_set_flags(): it's not at all valid toi
 try to set flags on a NULL pointer, and doing so should not be silently
 ignored.

Also, be sure the right locale_t is freed if we fail on the second uselocale.
Finally, fix test_locale so it *doesn't* use json_object_to_json_string as
 that will simple re-emit the original parsed string values.

This fix errors that can happen when ingesting very large JSON files
when hitting the maximum heap size of the process.

Tightening the number parsing algorithm

Some badly formated "numbers" could get partly parsed,
resulting in truncated results instead of raising an
error.

Examples :
 '1.2.3'      -> (double)1.2
 '2015-01-15' -> (int)2015

This patch is not perfect (ex: input can still end with a 'E', which
is forbidden by json.org doc) but should avoid non-sensically
formated input.

Tests added.

Eliminate all uses of bits.h within the json-c code.

* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int

Only allow lowercase literals in STRICT mode

Add json_object_free_userdata() and json_object_userdata_to_json_string() too.

Remove redefinition of strndup() which is no longer used in the codebase

more strictness

Found by Coverity. The number of elements of an array 'ar' is found by
sizeof(ar)/sizeof(ar[0]) and not sizeof(ar)

76const char *json_tokener_error_desc(enum json_tokener_error jerr)
 77{
 78        int jerr_int = (int)jerr;

1. Condition "jerr_int < 0", taking false branch

2. Condition "jerr_int > 112 /* (int)sizeof (gdal_json_tokener_errors) */", taking false branch
 79        if (jerr_int < 0 || jerr_int > (int)sizeof(json_tokener_errors))
 80                return "Unknown error, invalid json_tokener_error value passed to json_tokener_error_desc()";

CID 1076806 (#1 of 1): Out-of-bounds read (OVERRUN)3. overrun-local: Overrunning array "gdal_json_tokener_errors" of 14 8-byte elements at element index 112 (byte offset 896) using index "jerr" (which evaluates to 112).
 81        return json_tokener_errors[jerr];
 82}

We forget to check or use the return value of the ADVANCE_CHAR macro,
and upon compilation an error is thrown because of its lack of use. This
patch checks to see if the macro was successful, and if not replaces the
offending character with a replacement.

While parsing token data, we use the POP_CHAR macro to 'peek' at
character data. This behaviour is noted in the comments for the macro,
yet the definition is left as 'pop'. Changing to PEEK_CHAR does not
imply that the character being observed is removed.

Conflicts:
	json_util.c

Make maximum recursion depth a runtime option

Adjust test_null to check for this case.
See also http://bugs.debian.org/687269

Fix a typo in the string represenations of the json_tokener_error_depth error (s/to deep/too deep/)

Add documentation for the json_tokener_parse_ex() function.

git-svn-id: http://svn.metaparadigm.com/svn/json-c/trunk@62 327403b1-1117-474d-bef2-5cb71233fd97