diff --git a/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch b/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
new file mode 100644
index 0000000000000000000000000000000000000000..692a9ed3ad56b87ec3c42a1af89bdae414f15a58
--- /dev/null
+++ b/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
@@ -0,0 +1,80 @@
+From b45f48e600671feade0b6bd65d1c69de7899f2be Mon Sep 17 00:00:00 2001
+From: Junbo Zheng <3273070@qq.com>
+Date: Tue, 29 Mar 2022 15:02:59 +0800
+Subject: [PATCH] fix: add allocate check for replace_item_in_object (#675)
+
+Signed-off-by: Junbo Zheng
+---
+ cJSON.c | 19 ++++++++++++-------
+ 1 file changed, 12 insertions(+), 7 deletions(-)
+
+diff --git a/cJSON.c b/cJSON.c
+index c78aac6..524ba46 100644
+--- a/cJSON.c
++++ b/cJSON.c
+@@ -96,9 +96,9 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
+ return (const char*) (global_error.json + global_error.position);
+ }
+
+-CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
++CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
+ {
+- if (!cJSON_IsString(item))
++ if (!cJSON_IsString(item))
+ {
+ return NULL;
+ }
+@@ -106,9 +106,9 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
+ return item->valuestring;
+ }
+
+-CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
++CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
+ {
+- if (!cJSON_IsNumber(item))
++ if (!cJSON_IsNumber(item))
+ {
+ return (double) NAN;
+ }
+@@ -511,7 +511,7 @@ static unsigned char* ensure(printbuffer * const p, size_t needed)
+
+ return NULL;
+ }
+-
++
+ memcpy(newbuffer, p->buffer, p->offset + 1);
+ p->hooks.deallocate(p->buffer);
+ }
+@@ -1107,7 +1107,7 @@ CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer
+ }
+
+ buffer.content = (const unsigned char*)value;
+- buffer.length = buffer_length;
++ buffer.length = buffer_length;
+ buffer.offset = 0;
+ buffer.hooks = global_hooks;
+
+@@ -2361,6 +2361,11 @@ static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSO
+ cJSON_free(replacement->string);
+ }
+ replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
++ if (replacement->string == NULL)
++ {
++ return false;
++ }
++
+ replacement->type &= ~cJSON_StringIsConst;
+
+ return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement);
+@@ -2693,7 +2698,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co
+ if (a && a->child) {
+ a->child->prev = n;
+ }
+-
++
+ return a;
+ }
+
+--
+2.9.3.windows.1
+
diff --git a/cjson.spec b/cjson.spec
index c0892d97b97a90bbb3c2328148c53408bc145f3a..95bb4c8160fe9c7932a5099833cf867643afb367 100644
--- a/cjson.spec
+++ b/cjson.spec
@@ -1,6 +1,6 @@
 Name: cjson
 Version: 1.7.15
-Release: 5
+Release: 6
 Summary: Ultralightweight JSON parser in ANSI C
 License: MIT and ASL 2.0
@@ -10,7 +10,8 @@ Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta
 Patch0001: backport-CVE-2023-50471_50472.patch
 Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch
 Patch0003: CVE-2024-31755.patch
-Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
+Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
+Patch0005: backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
 BuildRequires: gcc
 BuildRequires: cmake
@@ -57,6 +58,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/
 %changelog
+* Wed May 8 2024 wuzhaomin - 1.7.15-6
+- add allocate check for replace_item_in_object
+
 * Tue May 07 2024 xiaozai - 1.7.15-5
 - Fix a null pointer crash in cJSON_ReplaceItemViaPointer
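Review bot: In the replace_item_in_object hunk of the backported patch, the added NULL check runs only after `cJSON_free(replacement->string);` has already released the old key, so on allocation failure the function returns false with `replacement->string` left NULL and the caller's item stripped of its name. Duplicating the key into a temporary first, and freeing and assigning only once that succeeds, would leave `replacement` unchanged on the failure path; a short comment stating that the caller still owns `replacement` after a false return would also help. The opening of the function, including the condition that guards the free, lies outside the hunk, so the sketch below stands in for it with a comment. Separately, the other five hunks of this patch appear to be whitespace-only and could be dropped from the backport to lower the chance of conflicts with the other carried patches.

```c
    /* new_key is declared with the function's other locals: char *new_key = NULL; */
    new_key = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
    if (new_key == NULL)
    {
        /* replacement is untouched here; the caller still owns it */
        return false;
    }
    /* … unchanged: block that frees the old non-const replacement->string … */
    replacement->string = new_key;
    replacement->type &= ~cJSON_StringIsConst;
```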