fix CVE-2024-31755 and potential memory leak

(cherry picked from commit 12d09877f421df3de1c2104b7a5529d28d5663db)

CVE-2024-31755.patch

@@ -0,0 +1,47 @@
+From 00c76717b4315381a1878cca2f10d08544634bf2 Mon Sep 17 00:00:00 2001
+From: Alanscut <Alanscut@google.com>
+Date: Mon, 29 Apr 2024 13:29:12 +0800
+Subject: [PATCH] CVE-2024-31755
+
+Fix NULL valuestring problem in cJSON_SetValuestring.
+This fixes #839 and CVE-2024-31755
+Related issue #845
+
+---
+ cJSON.c            | 7 +++++++
+ tests/misc_tests.c | 1 +
+ 2 files changed, 8 insertions(+)
+
+diff --git a/cJSON.c b/cJSON.c
+index 7543078..349ebbd 100644
+--- a/cJSON.c
++++ b/cJSON.c
+@@ -410,6 +410,13 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
+     {
+         return NULL;
+     }
++    /* NULL valuestring causes error with strlen and should be treated separately */
++    if (valuestring == NULL)
++    {
++        cJSON_free(object->valuestring);
++        object->valuestring = NULL;
++        return NULL;
++    }
+     if (strlen(valuestring) <= strlen(object->valuestring))
+     {
+         strcpy(object->valuestring, valuestring);
+diff --git a/tests/misc_tests.c b/tests/misc_tests.c
+index 8031c0d..c11a823 100644
+--- a/tests/misc_tests.c
++++ b/tests/misc_tests.c
+@@ -445,6 +445,7 @@ static void cjson_functions_should_not_crash_with_null_pointers(void)
+     TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
+     TEST_ASSERT_NULL(cJSON_SetValuestring(NULL, "test"));
+     TEST_ASSERT_NULL(cJSON_SetValuestring(corruptedString, "test"));
++    TEST_ASSERT_NULL(cJSON_SetValuestring(item, NULL));
+     cJSON_Minify(NULL);
+     /* skipped because it is only used via a macro that checks for NULL */
+     /* cJSON_SetNumberHelper(NULL, 0); */
+-- 
+2.27.0
+

backport-fix-potential-memory-leak-in-merge_patch.patch

@@ -0,0 +1,12 @@
+diff --git a/cJSON_Utils.c b/cJSON_Utils.c
+index c7c6439..63651df 100644
+--- a/cJSON_Utils.c
++++ b/cJSON_Utils.c
+@@ -1367,6 +1367,7 @@ static cJSON *merge_patch(cJSON *target, const cJSON * const patch, const cJSON_
+             replacement = merge_patch(replace_me, patch_child, case_sensitive);
+             if (replacement == NULL)
+             {
++                cJSON_Delete(target);
+                 return NULL;
+             }
+ 

cjson.spec

@@ -1,6 +1,6 @@
 Name:           cjson
 Version:        1.7.15
-Release:        2
+Release:        4
 Summary:        Ultralightweight JSON parser in ANSI C
  
 License:        MIT and ASL 2.0
@@ -8,6 +8,8 @@ URL:            https://github.com/DaveGamble/cJSON
 Source0:        https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.tar.gz
  
 Patch0001:	backport-CVE-2023-50471_50472.patch
+Patch0002:	backport-fix-potential-memory-leak-in-merge_patch.patch
+Patch0003:	CVE-2024-31755.patch
 
 BuildRequires:  gcc
 BuildRequires:  cmake
@@ -52,6 +54,12 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/
 
 %changelog
+* Fri Apr 26 2024 lvfei <lvfei@kylinos.cn> - 1.7.15-4
+- fix CVE-2024-31755
+
+* Tue Mar 05 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-3
+- fix potential memory leak in merge_patch()
+
 * Sun Dec 24 2023 liningjie <liningjie@xfusion.com> - 1.7.15-2
 - Fix CVE-2023-50471 CVE-2023-50472