From ddd9fb85e70c9d95422e443eb01a0afd58b3440e Mon Sep 17 00:00:00 2001
From: wuzhaomin
Date: Wed, 8 May 2024 20:28:33 +0800
Subject: [PATCH] add allocate check for replace_item_in_object
(cherry picked from commit b21492a993d6dbeeaa6f920a122f1d2fdaad9962)
---
...-check-for-replace_item_in_object-67.patch | 80 +++++++++++++++++++
cjson.spec | 8 +-
2 files changed, 86 insertions(+), 2 deletions(-)
create mode 100644 backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
diff --git a/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch b/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
new file mode 100644
index 0000000..692a9ed
--- /dev/null
+++ b/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
@@ -0,0 +1,80 @@ +From b45f48e600671feade0b6bd65d1c69de7899f2be Mon Sep 17 00:00:00 2001 +From: Junbo Zheng <3273070@qq.com> +Date: Tue, 29 Mar 2022 15:02:59 +0800 +Subject: [PATCH] fix: add allocate check for replace_item_in_object (#675) + +Signed-off-by: Junbo Zheng +--- + cJSON.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/cJSON.c b/cJSON.c +index c78aac6..524ba46 100644 +--- a/cJSON.c ++++ b/cJSON.c +@@ -96,9 +96,9 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void) + return (const char*) (global_error.json + global_error.position); + } + +-CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item) ++CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item) + { +- if (!cJSON_IsString(item)) ++ if (!cJSON_IsString(item)) + { + return NULL; + } +@@ -106,9 +106,9 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item) + return item->valuestring; + } + +-CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item) ++CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item) + { +- if (!cJSON_IsNumber(item)) ++ if (!cJSON_IsNumber(item)) + { + return (double) NAN; + } +@@ -511,7 +511,7 @@ static unsigned char* ensure(printbuffer * const p, size_t needed) + + return NULL; + } +- ++ + memcpy(newbuffer, p->buffer, p->offset + 1); + p->hooks.deallocate(p->buffer); + } +@@ -1107,7 +1107,7 @@ CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer + } + + buffer.content = (const unsigned char*)value; +- buffer.length = buffer_length; ++ buffer.length = buffer_length; + buffer.offset = 0; + buffer.hooks = global_hooks; + +@@ -2361,6 +2361,11 @@ static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSO + cJSON_free(replacement->string); + } + replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks); ++ if (replacement->string == NULL) ++ { ++ return false; ++ } ++ + replacement->type &= 
~cJSON_StringIsConst; + + return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement); +@@ -2693,7 +2698,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co + if (a && a->child) { + a->child->prev = n; + } +- ++ + return a; + } + +-- +2.9.3.windows.1 + diff --git a/cjson.spec b/cjson.spec index c0892d9..95bb4c8 100644 --- a/cjson.spec +++ b/cjson.spec @@ -1,6 +1,6 @@ Name: cjson Version: 1.7.15 -Release: 5 +Release: 6 Summary: Ultralightweight JSON parser in ANSI C License: MIT and ASL 2.0 @@ -10,7 +10,8 @@ Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta Patch0001: backport-CVE-2023-50471_50472.patch Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch Patch0003: CVE-2024-31755.patch -Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch +Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch +Patch0005: backport-fix-add-allocate-check-for-replace_item_in_object-67.patch BuildRequires: gcc BuildRequires: cmake @@ -57,6 +58,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake %{_includedir}/cjson/ %changelog +* Wed May 8 2024 wuzhaomin - 1.7.15-6 +- add allocate check for replace_item_in_object + * Tue May 07 2024 xiaozai - 1.7.15-5 - Fix a null pointer crash in cJSON_ReplaceItemViaPointer -- Gitee
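Review bot: In the replace_item_in_object hunk the added NULL check runs only after the existing `cJSON_free(replacement->string)` context line, so when cJSON_strdup fails the function returns false with the replacement's old name already freed and its string pointer overwritten with NULL. Duplicating the key into a temporary first, and freeing the old name only once the copy has succeeded, leaves `replacement` unchanged on the error path; it would also avoid reading freed memory if a caller ever passes `replacement->string` itself as `string` (no such caller is visible here, so that part needs confirming). The function's opening is outside the hunk, so the temporary used below needs a `char *name_copy = NULL;` declaration at the top of the function body to stay C89-clean. Separately, the other hunks of the backported patch appear to change only whitespace in unrelated functions and could be dropped to keep the backport minimal.

```c
    /* copy the new key first; on failure replacement keeps its old name */
    name_copy = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
    if (name_copy == NULL)
    {
        return false;
    }
    /* … unchanged: conditional cJSON_free(replacement->string) of the old name … */
    replacement->string = name_copy;
    replacement->type &= ~cJSON_StringIsConst;
```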