fix potential memory leak in merge_patch()

2024-03-05 16:37:18 +08:00 · 2024-03-05 16:37:18 +08:00 · 05c9d03fed
commit 05c9d03fed
parent b13c7c7b2a
2 changed files with 17 additions and 1 deletions
--- a/backport-fix-potential-memory-leak-in-merge_patch.patch
+++ b/backport-fix-potential-memory-leak-in-merge_patch.patch
@ -0,0 +1,12 @@
+diff --git a/cJSON_Utils.c b/cJSON_Utils.c
+index c7c6439..63651df 100644
+--- a/cJSON_Utils.c
+++ b/cJSON_Utils.c
+@@ -1367,6 +1367,7 @@ static cJSON *merge_patch(cJSON *target, const cJSON * const patch, const cJSON_
+             replacement = merge_patch(replace_me, patch_child, case_sensitive);
+             if (replacement == NULL)
+             {
+                cJSON_Delete(target);
+                 return NULL;
+             }
+ 
--- a/cjson.spec
+++ b/cjson.spec
@ -1,6 +1,6 @@
 Name:           cjson
 Version:        1.7.15
-Release:        2
+Release:        3
 Summary:        Ultralightweight JSON parser in ANSI C
 
 License:        MIT and ASL 2.0
@ -8,6 +8,7 @@ URL:            https://github.com/DaveGamble/cJSON
 Source0:        https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.tar.gz
 
 Patch0001:	backport-CVE-2023-50471_50472.patch
+Patch0002:	backport-fix-potential-memory-leak-in-merge_patch.patch

 BuildRequires:  gcc
 BuildRequires:  cmake
@ -52,6 +53,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/

 %changelog
+* Tue Mar 05 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-3
+- fix potential memory leak in merge_patch()
+
 * Sun Dec 24 2023 liningjie <liningjie@xfusion.com> - 1.7.15-2
 - Fix CVE-2023-50471 CVE-2023-50472