!25 add allocate check for replace_item_in_object

From: @wuzhaomin Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-05-10 07:25:03 +00:00 · 2024-05-10 07:25:03 +00:00 · 2ca948bf72
commit 2ca948bf72
parent 21090afb54 b21492a993
2 changed files with 86 additions and 2 deletions
--- a/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
+++ b/backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
@ -0,0 +1,80 @@
 From b45f48e600671feade0b6bd65d1c69de7899f2be Mon Sep 17 00:00:00 2001
 From: Junbo Zheng <3273070@qq.com>
 Date: Tue, 29 Mar 2022 15:02:59 +0800
 Subject: [PATCH] fix: add allocate check for replace_item_in_object (#675)
 Signed-off-by: Junbo Zheng <zhengjunbo1@xiaomi.com>
 ---
 cJSON.c | 19 ++++++++++++-------
 1 file changed, 12 insertions(+), 7 deletions(-)
 diff --git a/cJSON.c b/cJSON.c
 index c78aac6..524ba46 100644
 --- a/cJSON.c
 +++ b/cJSON.c
@@ -96,9 +96,9 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
     return (const char*) (global_error.json + global_error.position);
 }
 -CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item) 
 +CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
 {
 -    if (!cJSON_IsString(item)) 
 +    if (!cJSON_IsString(item))
     {
         return NULL;
     }
@@ -106,9 +106,9 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(const cJSON * const item)
     return item->valuestring;
 }
 -CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item) 
 +CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
 {
 -    if (!cJSON_IsNumber(item)) 
 +    if (!cJSON_IsNumber(item))
     {
         return (double) NAN;
     }
@@ -511,7 +511,7 @@ static unsigned char* ensure(printbuffer * const p, size_t needed)
             return NULL;
         }
 -        
 +
         memcpy(newbuffer, p->buffer, p->offset + 1);
         p->hooks.deallocate(p->buffer);
     }
@@ -1107,7 +1107,7 @@ CJSON_PUBLIC(cJSON *) cJSON_ParseWithLengthOpts(const char *value, size_t buffer
     }
     buffer.content = (const unsigned char*)value;
 -    buffer.length = buffer_length; 
 +    buffer.length = buffer_length;
     buffer.offset = 0;
     buffer.hooks = global_hooks;
@@ -2361,6 +2361,11 @@ static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSO
         cJSON_free(replacement->string);
     }
     replacement->string = (char*)cJSON_strdup((const unsigned char*)string, &global_hooks);
 +    if (replacement->string == NULL)
 +    {
 +        return false;
 +    }
 +
     replacement->type &= ~cJSON_StringIsConst;
     return cJSON_ReplaceItemViaPointer(object, get_object_item(object, string, case_sensitive), replacement);
@@ -2693,7 +2698,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co
     if (a && a->child) {
         a->child->prev = n;
     }
 -    
 +
     return a;
 }
 -- 
 2.9.3.windows.1
--- a/cjson.spec
+++ b/cjson.spec
@ -1,6 +1,6 @@
 Name:           cjson
 Version:        1.7.15
-Release:        5
+Release:        6
 Summary:        Ultralightweight JSON parser in ANSI C
 License:        MIT and ASL 2.0
@ -10,7 +10,8 @@ Source0:        https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta
 Patch0001:	backport-CVE-2023-50471_50472.patch
 Patch0002:	backport-fix-potential-memory-leak-in-merge_patch.patch
 Patch0003:	CVE-2024-31755.patch
-Patch0004:      Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch 
+Patch0004:    Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
 Patch0005:    backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
 BuildRequires:  gcc
 BuildRequires:  cmake
@ -57,6 +58,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/
 %changelog
 * Wed May 8 2024 wuzhaomin <wuzhaomin@kylinos.cn> - 1.7.15-6
 - add allocate check for replace_item_in_object
 * Tue May 07 2024 xiaozai <xiaozai@kylinos.cn> - 1.7.15-5
 - Fix a null pointer crash in cJSON_ReplaceItemViaPointer