fix: fix NULL valuestring error
Fix NULL valuestring problem in cJSON_SetValuestring.
This fixes #839 and CVE-2024-31755
Related issue #845
Alanscut committed Apr 28, 2024
1 parent 5671646 commit e327f1c
Showing 2 changed files with 9 additions and 1 deletion.
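--- a/cJSON.c
+++ b/cJSON.c
@@ -406,10 +406,17 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
 return NULL;
 }
 /* return NULL if the object is corrupted */
-if (object->valuestring == NULL || valuestring == NULL)
+if (object->valuestring == NULL)
 {
 return NULL;
 }
+/* NULL valuestring causes error with strlen and should be treated separately */
+if (valuestring == NULL)
+{
+cJSON_free(object->valuestring);
+object->valuestring = NULL;
+return NULL;
+}
 if (strlen(valuestring) <= strlen(object->valuestring))
 {
 strcpy(object->valuestring, valuestring);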
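Review bot: The new `valuestring == NULL` branch frees `object->valuestring` and sets it to NULL while returning the same NULL that the other visible early returns use, so a caller cannot tell from the result that the item was modified. After it runs, the item is in exactly the state the preceding check labels corrupted (`object->valuestring == NULL`), so every later cJSON_SetValuestring call on that item returns NULL and the string can no longer be set through this function; any pointer the caller kept from an earlier successful call would presumably dangle as well. If clearing is not intended, reduce the branch to `if (valuestring == NULL) { return NULL; }` and leave the item untouched; if it is intended, state it in the comment, e.g. `/* a NULL valuestring frees the current string; the item is then treated as corrupted */`. The function begins above the hunk and continues below it, so the checks that decide whether the string is owned and safe to free are not visible here.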
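--- a/tests/misc_tests.c
+++ b/tests/misc_tests.c
@@ -444,6 +444,7 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
 TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
 TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test"));
 TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test"));
+TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));
 cJSON_Minify(NULL);
 /* skipped because it is only used via a macro that checks for NULL */
 /* cJSON_SetNumberHelper(NULL, 0); */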
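Review bot: The added assertion `TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));` checks only the return value, and the function also returns NULL on its other early exits, so the test passes whether or not the new NULL-valuestring branch is reached. How `item` is created is outside the hunk; if it is a string item that owns its value, follow the call with `TEST_ASSERT_NULL(item->valuestring);` to pin the free-and-clear behaviour. It is also worth confirming that no later assertion in this function depends on item's string, since this call presumably releases it.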
