Closed
Description
OSS-Fuzz reports an assertion: ASSERT: ref_stack.back()->is_array()
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47756
https://oss-fuzz.com/testcase?key=5094223252160512
Reproduction steps
Parse bytes
5b48 5b24 6923 5502 0301 2039 205d
with from_bjdata.
clusterfuzz-testcase-minimized-parse_bjdata_fuzzer-5094223252160512.bjdata.zip
Expected vs. actual results
Expected: Parse error.
Actual:
Assertion failed: (ref_stack.back()->is_array()), function end_array, file json_sax.hpp, line 269.
The following SAX events are emitted:
<array>
<object size="3">
<key key="_ArraySize_" />
<array size="2">
<number_integer val="3" />
<number_integer val="1" />
</array>
<number_unsigned val="9" /> <!-- this should be a key -->
</array> <!-- this should be a </object> -->
The error is similar to previous errors.
Minimal code example
See above.
Error messages
Assertion failed: (ref_stack.back()->is_array()), function end_array, file json_sax.hpp, line 269.
Compiler and operating system
OSS-Fuzz
Library version
develop
Validation
- The bug also occurs if the latest version from the develop branch is used.
- I can successfully compile and run the unit tests.
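An added example, not part of the original report and not the library's own code: a standalone C++ checker for the two nesting rules that the annotated event list above breaks (a value where a key is expected, and an array end while an object is still open). The names `Ev`, `first_violation` and `reported_events` are made up for this sketch, and the event list is transcribed by hand from the report.

```cpp
#include <cstddef>
#include <vector>

// One entry per SAX callback; Value stands for any scalar (number, string, ...).
enum class Ev { StartArray, EndArray, StartObject, EndObject, Key, Value };

// Index of the first event that breaks array/object nesting, or -1 if none.
// Standalone checker written for this example; not the library's SAX code.
int first_violation(const std::vector<Ev>& events) {
    struct Frame { bool is_object; bool expect_key; };
    std::vector<Frame> stack;
    for (std::size_t i = 0; i < events.size(); ++i) {
        const Ev e = events[i];
        const bool in_object = !stack.empty() && stack.back().is_object;
        switch (e) {
        case Ev::Key:
            if (!in_object || !stack.back().expect_key) return static_cast<int>(i);
            stack.back().expect_key = false;
            break;
        case Ev::Value:
        case Ev::StartArray:
        case Ev::StartObject:
            if (in_object) {  // inside an object a value must follow a key
                if (stack.back().expect_key) return static_cast<int>(i);
                stack.back().expect_key = true;
            }
            if (e == Ev::StartArray) stack.push_back({false, false});
            if (e == Ev::StartObject) stack.push_back({true, true});
            break;
        case Ev::EndArray:  // same condition as the assertion in the report
            if (stack.empty() || stack.back().is_object) return static_cast<int>(i);
            stack.pop_back();
            break;
        case Ev::EndObject:
            if (!in_object || !stack.back().expect_key) return static_cast<int>(i);
            stack.pop_back();
            break;
        }
    }
    return stack.empty() ? -1 : static_cast<int>(events.size());
}

// The event sequence listed in the report, transcribed by hand.
std::vector<Ev> reported_events() {
    return {Ev::StartArray, Ev::StartObject, Ev::Key, Ev::StartArray, Ev::Value,
            Ev::Value, Ev::EndArray, Ev::Value, Ev::EndArray};
}
// Exit status 0 when the first violation is the stray value at index 7.
int main() { return first_violation(reported_events()) == 7 ? 0 : 1; }
```

A fuzz harness can feed its recorded events to a checker like this so that a malformed stream is reported as a finding with an index, independent of whether assertions are compiled in.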