AIKIDO-2026-10455

TL;DR

In OurReader::readToken, when allowSingleQuotes_ is false, a single-quote (') token was handled with an intentional fall-through into the / case so input could be mis-tokenized as a comment. That path drives further parsing and Json::Value::setComment work on inconsistent state. OSS-Fuzz (ClusterFuzz, Chromium issue 989851) reproduced an address-sanitizer failure along OurReader::parse → setComment. The fix treats disallowed single quotes as an explicit parse failure (ok = false) and always breaks out of the ' case so execution cannot fall through into comment handling.