AK: Disallow construction of JsonParser

JsonParser has a footgun where it does not retain ownership of the
string to be parsed. For example, the following results in UAF:

    JsonParser parser(something_returning_a_string());
    parser.parse();

Let's avoid this altogether by only allowing use of JsonParser with
a static, safe method.

AK/JsonParser.cpp

@@ -18,6 +18,12 @@ constexpr bool is_space(int ch)
     return ch == '\t' || ch == '\n' || ch == '\r' || ch == ' ';
 }
 
+ErrorOr<JsonValue> JsonParser::parse(StringView input)
+{
+    JsonParser parser(input);
+    return parser.parse_json();
+}
+
 // ECMA-404 9 String
 // Boils down to
 // STRING = "\"" *("[^\"\\]" | "\\" ("[\"\\bfnrt]" | "u[0-9A-Za-z]{4}")) "\""
@@ -335,7 +341,7 @@ ErrorOr<JsonValue> JsonParser::parse_helper()
     return Error::from_string_literal("JsonParser: Unexpected character");
 }
 
-ErrorOr<JsonValue> JsonParser::parse()
+ErrorOr<JsonValue> JsonParser::parse_json()
 {
     auto result = TRY(parse_helper());
     ignore_while(is_space);

AK/JsonParser.h

@@ -13,14 +13,15 @@ namespace AK {
 
 class JsonParser : private GenericLexer {
 public:
+    static ErrorOr<JsonValue> parse(StringView);
+
+private:
     explicit JsonParser(StringView input)
         : GenericLexer(input)
     {
     }
 
-    ErrorOr<JsonValue> parse();
+    ErrorOr<JsonValue> parse_json();
-
-private:
     ErrorOr<JsonValue> parse_helper();
 
     ErrorOr<ByteString> consume_and_unescape_string();

AK/JsonValue.cpp

@@ -190,7 +190,7 @@ JsonValue::JsonValue(JsonArray&& value)
 
 ErrorOr<JsonValue> JsonValue::from_string(StringView input)
 {
-    return JsonParser(input).parse();
+    return JsonParser::parse(input);
 }
 
 String JsonValue::serialized() const

Meta/Lagom/Fuzzers/FuzzJsonParser.cpp

@@ -9,7 +9,6 @@
 extern "C" int LLVMFuzzerTestOneInput(uint8_t const* data, size_t size)
 {
     AK::set_debug_enabled(false);
-    JsonParser parser({ data, size });
+    (void)JsonParser::parse({ data, size });
-    (void)parser.parse();
     return 0;
 }