!40 Sync patches from 24.03 branch

From: @mmzzmm 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
openeuler-ci-bot 2024-06-18 09:16:13 +00:00 committed by Gitee
commit 1398862821
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
7 changed files with 302 additions and 1 deletions


@ -0,0 +1,25 @@
From 73d8cbbaf1c8b5ceb5a46a8e7d9a24aa3edaf0a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= <xiaozai@kylinos.cn>
Date: Tue, 7 May 2024 11:40:54 +0800
Subject: [PATCH] Fix a null pointer crash in cJSON_ReplaceItemViaPointer
---
cJSON.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cJSON.c b/cJSON.c
index 349ebbd..a1073ed 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -2304,7 +2304,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement)
{
- if ((parent == NULL) || (replacement == NULL) || (item == NULL))
+ if ((parent == NULL) || (parent->child == NULL) || (replacement == NULL) || (item == NULL))
{
return false;
}
--
2.33.0
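Review bot: The added `parent->child == NULL` test rejects an empty parent, but nothing in the condition establishes that `item` is actually linked under `parent`; if a caller passes an item that belongs to another list, the relinking later in cJSON_ReplaceItemViaPointer (outside this hunk) presumably still writes through `parent->child`, so the guard narrows the crash rather than validating the contract. The condition deserves a comment saying what it protects, e.g. `/* an empty parent cannot contain item, and the unlink below dereferences parent->child */`. The patch description is empty; one sentence naming the input that crashed would let reviewers judge whether this check is sufficient. The function body continues outside the hunk.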


@ -0,0 +1,58 @@
From 826cd6f842ae7e46ee38bbc097f9a34f2947388d Mon Sep 17 00:00:00 2001
From: orri <orri@systemb.is>
Date: Tue, 30 Apr 2024 09:46:17 +0000
Subject: [PATCH 1/2] Add test for heap buffer overflow
From #800
---
tests/parse_examples.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/tests/parse_examples.c b/tests/parse_examples.c
index 95a0959..d35d6cf 100644
--- a/tests/parse_examples.c
+++ b/tests/parse_examples.c
@@ -250,6 +250,33 @@ static void test14_should_not_be_parsed(void)
}
}
+/* Address Sanitizer */
+static void test15_should_not_heap_buffer_overflow(void)
+{
+ const char *strings[] = {
+ "{\"1\":1,",
+ "{\"1\":1, ",
+ };
+
+ size_t i;
+
+ for (i = 0; i < sizeof(strings) / sizeof(strings[0]); i+=1)
+ {
+ const char *json_string = strings[i];
+ size_t len = strlen(json_string);
+ cJSON *json = NULL;
+
+ char *exact_size_heap = (char*)malloc(len);
+ TEST_ASSERT_NOT_NULL(exact_size_heap);
+
+ memcpy(exact_size_heap, json_string, len);
+ json = cJSON_ParseWithLength(exact_size_heap, len);
+
+ cJSON_Delete(json);
+ free(exact_size_heap);
+ }
+}
+
int CJSON_CDECL main(void)
{
UNITY_BEGIN();
@@ -267,5 +294,6 @@ int CJSON_CDECL main(void)
RUN_TEST(test12_should_not_be_parsed);
RUN_TEST(test13_should_be_parsed_without_null_termination);
RUN_TEST(test14_should_not_be_parsed);
+ RUN_TEST(test15_should_not_heap_buffer_overflow);
return UNITY_END();
}
--
2.43.0
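Review bot: test15_should_not_heap_buffer_overflow never asserts on the parse result, so without AddressSanitizer it passes whether or not the over-read is present; both inputs are truncated objects that cJSON_ParseWithLength should reject, so adding `TEST_ASSERT_NULL(json);` after the parse call pins that behaviour independently of the sanitizer. The `(char*)` cast on `malloc` is unnecessary in C (it only matters if this test file is also built as C++, which is not visible here). `i+=1` in the for header reads unusually where `i++` is the conventional form. The `/* Address Sanitizer */` comment would be more useful as `/* only detects the overflow when built with -fsanitize=address */`.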


@ -0,0 +1,29 @@
From 3ef4e4e730e5efd381be612df41e1ff3f5bb3c32 Mon Sep 17 00:00:00 2001
From: orri <orri@systemb.is>
Date: Tue, 30 Apr 2024 09:50:19 +0000
Subject: [PATCH 2/2] Fix heap buffer overflow
Fixes #800
---
cJSON.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/cJSON.c b/cJSON.c
index 4f5b38d..97564bb 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -1660,6 +1660,11 @@ static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_bu
current_item = new_item;
}
+ if (cannot_access_at_index(input_buffer, 1))
+ {
+ goto fail; /* nothing comes after the comma */
+ }
+
/* parse the name of the child */
input_buffer->offset++;
buffer_skip_whitespace(input_buffer);
--
2.43.0
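Review bot: The new guard fixes the over-read at this call site only: if parse_string (outside the hunk) still reads `buffer_at_offset(input_buffer)[0]` without first checking `can_access_at_index(input_buffer, 0)`, any other path that advances `offset` to `length` before calling it keeps the same bug, so a bounds check at the top of parse_string would be the more robust fix and this guard the fast-fail. The `/* nothing comes after the comma */` comment is good; the companion backport-Add-test-for-heap-buffer-overflow.patch exercises exactly these inputs, so the two patches should only ever be applied together (the spec lists them as Patch0007 and Patch0008). parse_object's body starts and ends outside the hunk.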


@ -0,0 +1,74 @@
From 0489fa665b373d214523e318ee6b75292ea0e411 Mon Sep 17 00:00:00 2001
From: maebex <maximilian.berndt11@web.de>
Date: Sat, 30 Mar 2024 10:42:22 +0100
Subject: [PATCH] Set free'd pointers to NULL whenever they are not reassigned
immediately after
---
cJSON.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/cJSON.c b/cJSON.c
index 7532e84..ab4fb35 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -263,10 +263,12 @@ CJSON_PUBLIC(void) cJSON_Delete(cJSON *item)
if (!(item->type & cJSON_IsReference) && (item->valuestring != NULL))
{
global_hooks.deallocate(item->valuestring);
+ item->valuestring = NULL;
}
if (!(item->type & cJSON_StringIsConst) && (item->string != NULL))
{
global_hooks.deallocate(item->string);
+ item->string = NULL;
}
global_hooks.deallocate(item);
item = next;
@@ -900,6 +902,7 @@ fail:
if (output != NULL)
{
input_buffer->hooks.deallocate(output);
+ output = NULL;
}
if (input_pointer != NULL)
@@ -1242,6 +1245,7 @@ static unsigned char *print(const cJSON * const item, cJSON_bool format, const i
/* free the buffer */
hooks->deallocate(buffer->buffer);
+ buffer->buffer = NULL;
}
return printed;
@@ -1250,11 +1254,13 @@ fail:
if (buffer->buffer != NULL)
{
hooks->deallocate(buffer->buffer);
+ buffer->buffer = NULL;
}
if (printed != NULL)
{
hooks->deallocate(printed);
+ printed = NULL;
}
return NULL;
@@ -1295,6 +1301,7 @@ CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON
if (!print_value(item, &p))
{
global_hooks.deallocate(p.buffer);
+ p.buffer = NULL;
return NULL;
}
@@ -3138,4 +3145,5 @@ CJSON_PUBLIC(void *) cJSON_malloc(size_t size)
CJSON_PUBLIC(void) cJSON_free(void *object)
{
global_hooks.deallocate(object);
+ object = NULL;
}
--
2.33.0
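Review bot: `object = NULL;` in cJSON_free assigns to a by-value parameter and cannot affect the caller's pointer, so it is dead code and a candidate for an unused-but-set-parameter warning; it should be dropped. The same applies to `printed = NULL;` immediately before `return NULL;`, to `output = NULL;` if output is not read again in that fail path, and to `item->valuestring = NULL` / `item->string = NULL`, which are written into memory that `global_hooks.deallocate(item)` releases a few lines later. The only stores that change observable state are the `buffer->buffer = NULL` ones, where the struct outlives the call; keeping just those with a comment such as `/* buffer outlives this call; don't leave a dangling pointer in it */` would make the intent clear. The patch description should say which dangling-pointer scenario motivated the change, since several of these hunks look purely cosmetic.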


@ -0,0 +1,80 @@
From b45f48e600671feade0b6bd65d1c69de7899f2be Mon Sep 17 00:00:00 2001
From: Junbo Zheng <3273070@qq.com>
Date: Tue, 29 Mar 2022 15:02:59 +0800
Subject: [PATCH] fix: add allocate check for replace_item_in_object (#675)
Signed-off-by: Junbo Zheng <zhengjunbo1@xiaomi.com>
---
cJSON.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/cJSON.c b/cJSON.c
index c78aac6..524ba46 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -96,9 +96,9 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
return (const char*) (global_error.json + global_error.position);
}
-CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
+CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
{
- if (!cJSON_IsString(item))
+ if (!cJSON_IsString(item))
{
return NULL;
}
@@ -106,9 +106,9 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
return item->valuestring;
}
-CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
+CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
{
- if (!cJSON_IsNumber(item))
+ if (!cJSON_IsNumber(item))
{
return (double) NAN;
}
@@ -511,7 +511,7 @@ static unsigned char* ensure(printbuffer * const p, size_t needed)
return NULL;
}
-
+
memcpy(newbuffer, p->buffer, p->offset + 1);
p->hooks.deallocate(p->buffer);
}
@@ -1107,7 +1107,7 @@ CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer
}
buffer.content = (const unsigned char*)value;
- buffer.length = buffer_length;
+ buffer.length = buffer_length;
buffer.offset = 0;
buffer.hooks = global_hooks;
@@ -2361,6 +2361,11 @@ static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSO
cJSON_free(replacement->string);
}
replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
+ if (replacement->string == NULL)
+ {
+ return false;
+ }
+
replacement->type &= ~cJSON_StringIsConst;
return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement);
@@ -2693,7 +2698,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co
if (a && a->child) {
a->child->prev = n;
}
-
+
return a;
}
--
2.9.3.windows.1
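Review bot: When `cJSON_strdup` fails, the early `return false` leaves `replacement` half-updated: its previous name was already released by `cJSON_free(replacement->string)` two lines above, `replacement->string` is now NULL, and `cJSON_StringIsConst` is still set if it was before, so the caller gets back an item that silently lost its key. A comment next to the return, e.g. `/* old name already released; caller still owns replacement, now unnamed */`, or clearing the flag before returning, would make that explicit. Most of this patch (the hunks in cJSON_GetStringValue, cJSON_GetNumberValue, ensure, cJSON_ParseWithLengthOpts and cJSON_CreateStringArray) is trailing-whitespace churn unrelated to the fix, which bloats the backport and makes later rebases noisier; consider carrying only the replace_item_in_object hunk. replace_item_in_object starts outside the hunk.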


@ -0,0 +1,26 @@
From d321fa9e6e574ff93518f6384865b9af0a4a4afc Mon Sep 17 00:00:00 2001
From: AlexanderVasiljev <48011002+AlexanderVasiljev@users.noreply.github.com>
Date: Wed, 19 Jan 2022 05:30:31 +0300
Subject: [PATCH] fix: print int without decimal places (#630)
---
cJSON.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/cJSON.c b/cJSON.c
index 3063f74..c78aac6 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -562,6 +562,10 @@ static cJSON_bool print_number(const cJSON * const item, printbuffer * const out
{
length = sprintf((char*)number_buffer, "null");
}
+ else if(d == (double)item->valueint)
+ {
+ length = sprintf((char*)number_buffer, "%d", item->valueint);
+ }
else
{
/* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */
--
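Review bot: `d == (double)item->valueint` is true for negative zero, so a number stored as -0.0 is now printed as `0` where the `%1.15g` path below previously produced `-0`; if any caller relies on that round-trip this is an observable change and should at least be stated in the patch description. The fast path is only correct because `valueint` is kept in step with the double (in upstream cJSON it is a saturated copy set alongside `valuedouble`); a comment such as `/* exact integer: print without a decimal point or exponent */` would record that assumption for the next reader. Style: `else if(d == ...` lacks the space after `if` that the surrounding `if (` lines use; `else if (d == (double)item->valueint)` matches. print_number continues outside the hunk.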


@ -1,6 +1,6 @@
Name: cjson
Version: 1.7.15
Release: 4
Release: 5
Summary: Ultralightweight JSON parser in ANSI C
License: MIT and ASL 2.0
@ -10,6 +10,12 @@ Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta
Patch0001: backport-CVE-2023-50471_50472.patch
Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch
Patch0003: CVE-2024-31755.patch
Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
Patch0005: backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
Patch0006: backport-fix-print-int-without-decimal-places-630.patch
Patch0007: backport-Add-test-for-heap-buffer-overflow.patch
Patch0008: backport-Fix-heap-buffer-overflow.patch
Patch0009: backport-Set-free-d-pointers-to-NULL-whenever-they-are-not-re.patch
BuildRequires: gcc
BuildRequires: cmake
@ -54,6 +60,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
%{_includedir}/cjson/
%changelog
* Tue Jun 18 2024 Zhao Mengmeng <zhaomengmeng@kylinos.cn> - 1.7.15-5
- sync patches from 24.03 branches
* Fri Apr 26 2024 lvfei <lvfei@kylinos.cn> - 1.7.15-4
- fix CVE-2024-31755