AIR/parson
1
0
Fork 0
mirror of https://github.com/kgabis/parson.git synced 2024-11-24 06:05:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix memleak when parsing keys with embedded null bytes (#157)

Browse Source 
* Fix memleak when parsing key with embedded null byte

This commit fixes and adds a test for a memory leak that occurs when
parsing strings with keys that have a null byte embedded in them.

This memory leak can be triggered with the following line, where this
call returns a `NULL`:
```c
        json_parse_string("{\"\\u0000\"")
```

This memory leak happens in the `parse_object_value` function in here:
```
        new_key = get_quoted_string(string, &key_len);  <---- ALLOCATION
        /* We do not support key names with embedded \0 chars */
        if (new_key == NULL || key_len != strlen(new_key)) {
            json_value_free(output_value);
            return NULL;                       <---- `new_key` NOT FREED
        }
        SKIP_WHITESPACES(string);
        if (**string != ':') {
            parson_free(new_key);
            json_value_free(output_value);
            return NULL;
        }
```

* Increments version to 1.1.2

Co-authored-by: Krzysztof Gabis <kgabis@gmail.com>
This commit is contained in:
Disconnect3d 2021-05-03 18:47:03 +02:00 committed by GitHub
parent 60b2c69f17
commit ab7f5e5401
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CMakeLists.txt
View File

@ -3,7 +3,7 @@ project(parson C)
include (GNUInstallDirs)
set(PARSON_VERSION 1.1.1)
set(PARSON_VERSION 1.1.2)
add_library(parson parson.c)
target_include_directories(parson PUBLIC $<INSTALL_INTERFACE:include>)

2
package.json
View File

@ -1,6 +1,6 @@
{
"name": "parson",
"version": "1.1.1",
"version": "1.1.2",
"repo": "kgabis/parson",
"description": "Small json parser and reader",
"keywords": [ "json", "parser" ],

5
parson.c
View File

@ -1,7 +1,7 @@
/*
SPDX-License-Identifier: MIT
Parson 1.1.1 ( http://kgabis.github.com/parson/ )
Parson 1.1.2 ( http://kgabis.github.com/parson/ )
Copyright (c) 2012 - 2021 Krzysztof Gabis
Permission is hereby granted, free of charge, to any person obtaining a copy
@ -742,6 +742,9 @@ static JSON_Value * parse_object_value(const char **string, size_t nesting) {
new_key = get_quoted_string(string, &key_len);
/* We do not support key names with embedded \0 chars */
if (new_key == NULL || key_len != strlen(new_key)) {
if (new_key) {
parson_free(new_key);
}
json_value_free(output_value);
return NULL;
}

2
parson.h
View File

@ -1,7 +1,7 @@
/*
SPDX-License-Identifier: MIT
Parson 1.1.1 ( http://kgabis.github.com/parson/ )
Parson 1.1.2 ( http://kgabis.github.com/parson/ )
Copyright (c) 2012 - 2021 Krzysztof Gabis
Permission is hereby granted, free of charge, to any person obtaining a copy

2
tests.c
View File

@ -588,6 +588,8 @@ void test_memory_leaks() {
TEST(json_object_set_boolean(NULL, "lorem", 0) == JSONFailure);
TEST(json_object_set_null(NULL, "lorem") == JSONFailure);
TEST(json_parse_string("{\"\\u0000\"") == NULL);
TEST(malloc_count == 0);
}