* Fix memleak when parsing key with embedded null byte
This commit fixes and adds a test for a memory leak that occurs when
parsing strings with keys that have a null byte embedded in them.
This memory leak can be triggered with the following line, where this
call returns a `NULL`:
```c
json_parse_string("{\"\\u0000\"")
```
This memory leak happens in the `parse_object_value` function in here:
```
new_key = get_quoted_string(string, &key_len); <---- ALLOCATION
/* We do not support key names with embedded \0 chars */
if (new_key == NULL || key_len != strlen(new_key)) {
json_value_free(output_value);
return NULL; <---- `new_key` NOT FREED
}
SKIP_WHITESPACES(string);
if (**string != ':') {
parson_free(new_key);
json_value_free(output_value);
return NULL;
}
```
* Increments version to 1.1.2
Co-authored-by: Krzysztof Gabis <kgabis@gmail.com>
* Update parson.c
Get objects by index instead of key in json_serialize_to_buffer_r().
* Increments version and updates licence date.
Co-authored-by: Krzysztof Gabis <kgabis@gmail.com>
* Add support for strings with \0 chars
* address feedback
* Increments minor version, adds comments, changes license year
Co-authored-by: Krzysztof Gabis <kgabis@gmail.com>
* Guard against potential integer overflow
If int res holds the value INT_MAX then adding 1 results in undefined
behavior. To guard against this possibility, cast res to size_t, not
the result of res + 1.
Fixes#132
* Increments version.
* More consitent parentheses when casting to size_t.
* Avoid truncating strings warning
GCC 8 introduced the `stringop-truncation` warning, which warns for
uses of `strncpy` of the form `strncpy(out, in, strlen(in))`. This
is often helpful, as this call would not copy the trailing `\0`,
potentially leading to subtle bugs.
With optimizations enabled, the function `parson_strndup` is
inlined, allowing the compiler to see that this call to `strncpy` is
of the form described above. GCC therefore outputs the warning.
In this case, the out buffer has already had the terminating `\0`
written to the end. Thus it is not necessary to copy it. GCC 9.2 is
not quite smart enough to recognize this, so it warns.
The warning is silenced by using `memcpy` instead of `strncpy`.
Although I have not benchmarked it, this change might reasonably
improve the performance of `parson_strndup`. `strncpy` checks every
byte for `\0` in addition to counting to `n`. `memcpy` does not need
to check whether the bytes it copies are `\0`.
However, if `parson_strndup` is frequently passed `char *`s with a
`\0` somewhere in the middle, then `memcpy` will copy more bytes
than necessary, hurting performance. In this case, a better solution
might be:
```
- output_string[n] = `\0`;
- strncpy(output_string, string, n);
+ strncpy(output_string, string, n+1);
```
* Increments parson's version.
SPDX-License-Identifier is useful to clarify the license (both for humans and
machines), especially when the code of the project is embedded into other
projects.
ref: https://spdx.org/using-spdx-license-identifier
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
json_parse_value_with_comments and json_parse_string_with_comments replace comments with whitespaces before parsing. Supported comments are: /* */ and //
Details:
- Fixed bug, where json_object_nget_value returned wrong values.
- json_object_get_count returns a number of object's name-value pairs.
- json_object_get_name returns a name at a specific index.
- Both functions allow iterating over every value in a object.
- Changed max capacity for JSON_Array and JSON_Object (they're not equal anymore).
- Added functions to resize object and array, which are also used after parsing to "trim" them to their real lengths.
- Added try_realloc function.
- Added SUCCESS and ERROR macros to make code more readable.
- Code cleanup.
Removed redundant typedefs, renamed JSON_value_t to JSON_Value_Type and JSON_value_value to JSON_Value_Value to make names more consistent across project. Added project's name and url above license.
