!36 Backport Set free'd pointers to NULL whenever they are not reassigned

From: @mmzzmm Reviewed-by: @dillon_chen Signed-off-by: @dillon_chen
2024-06-07 03:46:11 +00:00 · 2024-06-07 03:46:11 +00:00 · 9179472aaf
commit 9179472aaf
parent 1ef31418a3 1243399bf7
2 changed files with 79 additions and 1 deletions
--- a/backport-Set-free-d-pointers-to-NULL-whenever-they-are-not-re.patch
+++ b/backport-Set-free-d-pointers-to-NULL-whenever-they-are-not-re.patch
@ -0,0 +1,74 @@
+From 0489fa665b373d214523e318ee6b75292ea0e411 Mon Sep 17 00:00:00 2001
+From: maebex <maximilian.berndt11@web.de>
+Date: Sat, 30 Mar 2024 10:42:22 +0100
+Subject: [PATCH] Set free'd pointers to NULL whenever they are not reassigned
+ immediately after
+
+---
+ cJSON.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/cJSON.c b/cJSON.c
+index 7532e84..ab4fb35 100644
+--- a/cJSON.c
+++ b/cJSON.c
+@@ -263,10 +263,12 @@ CJSON_PUBLIC(void) cJSON_Delete(cJSON *item)
+         if (!(item->type & cJSON_IsReference) && (item->valuestring != NULL))
+         {
+             global_hooks.deallocate(item->valuestring);
+            item->valuestring = NULL;
+         }
+         if (!(item->type & cJSON_StringIsConst) && (item->string != NULL))
+         {
+             global_hooks.deallocate(item->string);
+            item->string = NULL;
+         }
+         global_hooks.deallocate(item);
+         item = next;
+@@ -900,6 +902,7 @@ fail:
+     if (output != NULL)
+     {
+         input_buffer->hooks.deallocate(output);
+        output = NULL;
+     }
+ 
+     if (input_pointer != NULL)
+@@ -1242,6 +1245,7 @@ static unsigned char *print(const cJSON * const item, cJSON_bool format, const i
+ 
+         /* free the buffer */
+         hooks->deallocate(buffer->buffer);
+        buffer->buffer = NULL;
+     }
+ 
+     return printed;
+@@ -1250,11 +1254,13 @@ fail:
+     if (buffer->buffer != NULL)
+     {
+         hooks->deallocate(buffer->buffer);
+        buffer->buffer = NULL;
+     }
+ 
+     if (printed != NULL)
+     {
+         hooks->deallocate(printed);
+        printed = NULL;
+     }
+ 
+     return NULL;
+@@ -1295,6 +1301,7 @@ CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON
+     if (!print_value(item, &p))
+     {
+         global_hooks.deallocate(p.buffer);
+        p.buffer = NULL;
+         return NULL;
+     }
+ 
+@@ -3138,4 +3145,5 @@ CJSON_PUBLIC(void *) cJSON_malloc(size_t size)
+ CJSON_PUBLIC(void) cJSON_free(void *object)
+ {
+     global_hooks.deallocate(object);
+    object = NULL;
+ }
+-- 
+2.33.0
+
--- a/cjson.spec
+++ b/cjson.spec
@ -1,6 +1,6 @@
 Name:           cjson
 Version:        1.7.15
-Release:        8
+Release:        9
 Summary:        Ultralightweight JSON parser in ANSI C
 
 License:        MIT and ASL 2.0
@ -15,6 +15,7 @@ Patch0005:  backport-fix-add-allocate-check-for-replace_item_in_object-67.patch
 Patch0006:  backport-fix-print-int-without-decimal-places-630.patch
 Patch0007:  backport-Add-test-for-heap-buffer-overflow.patch
 Patch0008:  backport-Fix-heap-buffer-overflow.patch
+Patch0009:  backport-Set-free-d-pointers-to-NULL-whenever-they-are-not-re.patch

 BuildRequires:  gcc
 BuildRequires:  cmake
@ -61,6 +62,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
 %{_includedir}/cjson/

 %changelog
+* Wed May 29 2024 Zhao Mengmeng <zhaomengmeng@kylinos.cn> - 1.7.15-9
+- Set free'd pointers to NULL to avoid double free
+
 * Wed May 22 2024 xiejing <xiejing@kylinos.cn> - 1.7.15-8
 - Fix heap buffer overflow