1112 Commits

Author SHA1 Message Date
Ssh1y Ripple fb16e5cf35 Fix: Type Confusion vulnerability in cJSON_Utils caused by missing type check (#1006) 2026-04-09 09:59:11 +08:00
Lee b2890c8d76 fix: prevent NULL pointer dereference in cJSON_SetNumberHelper (#991)
Add NULL check at the beginning of cJSON_SetNumberHelper to prevent
segmentation fault when called with NULL object pointer. The function
now returns NAN (Not-a-Number) when object is NULL, consistent with
error handling patterns in other cJSON functions.

This fixes a Denial of Service vulnerability (CWE-476) where an
attacker could crash applications using the cJSON library by
triggering this function with a NULL pointer.

Changes:
- cJSON.c: Add NULL check in cJSON_SetNumberHelper
- tests/misc_tests.c: Add test case and math.h include

Security: Fixes NULL pointer dereference vulnerability
2026-03-12 19:18:36 +08:00
Lee a3f3d6c784 docs: fix outdated CMake version requirement in README (#990)
The README stated that CMake 2.8.5+ was required, but CMakeLists.txt
requires CMake 3.5+. This inconsistency caused confusion for users
with CMake versions between 2.8.5 and 3.5.

Also updated library_config/uninstall.cmake to match for consistency.

Fixes #988
2026-03-12 19:18:15 +08:00
liloler 5cc0e39f42 Fix: add depth check to prevent stack overflow in cJSON_Print (#984) 2026-02-25 15:40:05 +08:00
Lee a29814f285 upgrade version of cmake_minimum_required (#986)
github actions fix
2026-02-07 17:13:51 +08:00
Alan Wang c859b25da0 Release 1.7.19 (#958) v1.7.19 2025-09-09 21:56:10 +08:00
Lee 74e1ff4994 fix the incorrect check in decode_array_index_from_pointer (#957)
this fixes CVE-2025-57052
2025-09-05 14:53:20 +08:00
PeterAlfredLee 8f2beb57dd bump version of actions/upload-artifact 2025-05-07 11:31:28 +08:00
PeterAlfredLee a328d65ad4 allocate memory for the temporary buffer
Allocate memory for the temporary buffer when parsing numbers.
This fixes CVE-2023-26819
2025-05-07 11:31:28 +08:00
Nicolas Badoux 12c4bf1986 Wrong counter increment 2024-09-23 19:08:58 +08:00
Nicolas Badoux 9d1b229086 Added max recursion depth for cJSONDuplicate to prevent stack exhaustion in case of circular reference 2024-09-23 19:08:58 +08:00
Nicolas Badoux 078c4e6c53 Free mem in cjson_set_valuestring_should_return_null_if_strings_overlap 2024-08-30 11:29:28 +08:00
Nicolas Badoux 4f4d7f70c2 CJSON_SetValuestring: better test for overlapping string 2024-08-30 11:29:28 +08:00
Nicolas Badoux b47edc4750 CJSON_SetValuestring: add test for overlapping string 2024-08-30 11:29:28 +08:00
Nicolas Badoux d6d5449e1f fix #881, check overlap before calling strcpy in cJSON_SetValuestring 2024-08-30 11:29:28 +08:00
Nicolas Badoux a78d975537 cJSON_DetachItemViaPointer: added test and fix for check for null in item->prev 2024-08-30 11:29:05 +08:00
Nicolas Badoux f28a468e3b Check for NULL in cJSON_DetachItemViaPointer 2024-08-30 11:29:05 +08:00
Alanscut 424ce4ce96 Revert "feat: add tests for #842" to fix test failures
This reverts commit 5b502cdbfb.

Related to #860
2024-06-19 10:58:01 +08:00
Shaun Case 324973008c Fix spelling errors found by CodeSpell. See https://github.com/codespell-project/codespell 2024-05-14 09:43:59 +08:00
DL6ER 8a334b0140 Fix indentation (should use spaces)
Signed-off-by: DL6ER <dl6er@dl6er.de>
2024-05-14 09:42:46 +08:00
Alanscut acc76239be add contributors v1.7.18 2024-05-13 18:26:15 +08:00
Alanscut 76be8fcf15 Release 1.7.18 2024-05-13 18:26:15 +08:00
Alanscut 5b502cdbfb feat: add tests for #842
Add some tests for setting NULL to deallocated pointers
related to #842 and #833
2024-05-13 17:18:46 +08:00
maebex 542fb0eadd Set free'd pointers to NULL whenever they are not reassigned immediately after 2024-05-13 17:18:46 +08:00
Alanscut a20be7996d fix: remove misused optimization flag -01
related to #850
2024-05-09 10:09:18 +08:00
orri 3ef4e4e730 Fix heap buffer overflow
Fixes #800
2024-05-06 11:33:33 +08:00
orri 826cd6f842 Add test for heap buffer overflow
From #800
2024-05-06 11:33:33 +08:00
orri 98f9eb0412 Remove non-functional list handling of compiler flags 2024-05-06 10:48:17 +08:00
Alanscut 19396a49a6 update comments and add tests for cJSON_SetValuestring 2024-04-29 10:01:35 +08:00
Alanscut 5671646e97 fix: fix incorrect name in security.md
Related to #845
2024-04-28 10:10:58 +08:00
Alan Wang 66e9dff670 Create SECURITY.md 2024-04-26 16:58:00 +08:00
Up-wind 7e4d5dabe7 Add NULL check to cJSON_SetValuestring()
If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer dereference will happen.

This commit adds the NULL check of valuestring before it is dereferenced.
2024-04-26 16:34:05 +08:00
Alanscut 87d8f0961a Release 1.7.17
update version to 1.7.17
v1.7.17
2023-12-26 10:24:36 +08:00
Lee f66cbab4bf fix error in null checkings (#810)
fixes #802 and #803
2023-12-20 11:05:23 +08:00
Lee 60ff122ef5 add NULL checkings (#809)
* add NULL checks in cJSON_SetValuestring

Fixes #803(CVE-2023-50472)

* add NULL check in cJSON_InsertItemInArray

Fixes #802(CVE-2023-50471)

* add tests for NULL checks

add tests for NULL checks in cJSON_InsertItemInArray and cJSON_SetValuestring
2023-12-18 11:47:52 +08:00
Alan Wang cb8693b058 Release 1.7.16 (#770)
* Update version to 1.7.16

* Update contributors
v1.7.16
2023-07-05 11:22:19 +08:00
Alan Wang 545710e3bf upgrade clang to fix actions error (#768)
Actions builds are failing because clang-8 is failing to be installed. Upgrade clang-8 to clang-14 to fix this.
2023-07-04 17:02:03 +08:00
MaxBrandtner 543c28869e Add meson documentation (#761) 2023-07-03 09:35:30 +08:00
hopper-vul 766dd9d590 Fix a null pointer crash in cJSON_ReplaceItemViaPointer (#726)
If the parent passed in cJSON_ReplaceItemViaPointer does not have a child, which means parent->child is null, a null pointer dereference crash will happen inside cJSON_ReplaceItemViaPointer.

This commit adds the NULL check of `parent->child` beforehand to inform the user of such incorrect usage.

Signed-off-by: hopper-vul <hopper.vul@gmail.com>
2023-07-01 16:18:32 +08:00
Junbo Zheng b45f48e600 fix: add allocate check for replace_item_in_object (#675)
Signed-off-by: Junbo Zheng <zhengjunbo1@xiaomi.com>
2022-03-29 15:02:59 +08:00
Stoian Ivanov a6424b85dd feat: add cJSON_SetBoolValue and test (#639)
* cJSON_SetBoolValue plus test

* cJSON_Invalid instead of just 0

* Update tests/misc_tests.c

* VSCode standard C formatter applied

Co-authored-by: Alan Wang <wp_scut@163.com>
2022-01-26 20:24:50 +08:00
mohawk2 3cecc40466 docs: Fix README typo (#664) 2022-01-26 20:23:33 +08:00
Randy 2fc55f6793 chore: add CIFuzz integration (#437)
* CIFuzz integration

* Rename main.yml to ci-fuzz.yml
2022-01-20 14:23:57 +08:00
Tony Langhammer c7025b093a chore: ignore all .dylib files (#628)
This fixes some .dylib files being flagged as added when compiled e.g. `libcjson.dylib.1.7.14`
2022-01-20 14:17:46 +08:00
10km e7ebe77ebf fix: 'cjson_utils-static' target not exist(#625)
* Update CMakeLists.txt

fix the bug: when building with cmake using option '-DBUILD_SHARED_AND_STATIC_LIBS=ON -DENABLE_CJSON_UTILS=ON', the build succeeds,
but when using the cmake command 'find_package(cjson CONFIG)', the 'cjson_utils' target is available, but the 'cjson_utils-static' target does not exist.
2022-01-19 16:28:29 +08:00
Andy 61eb84d991 add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt (#534)
Co-authored-by: m00209177 <malihu@huawei.com>
2022-01-19 14:45:02 +08:00
AlexanderVasiljev d321fa9e6e fix: print int without decimal places (#630) 2022-01-19 10:30:31 +08:00
Alan Wang 203a0dec6f chore: ignore *.lst/*.lss file (#623) 2021-10-22 16:21:55 +08:00
Joshua Arulsamy c77a688927 build: Bump cmake version and use new version syntax (#587)
Co-authored-by: Alan Wang <wp_scut@163.com>
2021-10-22 16:15:19 +08:00
Alan Wang e5dbaee131 docs: update comment (#622) 2021-10-22 16:09:45 +08:00