!24 [sync] PR-23: Fix a null pointer crash in cJSON_ReplaceItemViaPointer

From: @openeuler-sync-bot 
Reviewed-by: @dillon_chen 
Signed-off-by: @dillon_chen
openeuler-ci-bot 2024-05-07 09:28:34 +00:00 committed by Gitee
commit cc35d4b5a9
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 32 additions and 1 deletions

@ -0,0 +1,25 @@
From 73d8cbbaf1c8b5ceb5a46a8e7d9a24aa3edaf0a3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=82=96=E5=9C=A8?= <xiaozai@kylinos.cn>
Date: Tue, 7 May 2024 11:40:54 +0800
Subject: [PATCH] Fix a null pointer crash in cJSON_ReplaceItemViaPointer
---
cJSON.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cJSON.c b/cJSON.c
index 349ebbd..a1073ed 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -2304,7 +2304,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement)
{
- if ((parent == NULL) || (replacement == NULL) || (item == NULL))
+ if ((parent == NULL) || (parent->child == NULL) || (replacement == NULL) || (item == NULL))
{
return false;
}
--
2.33.0
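Review bot: the patch header goes straight from the Subject line to `---` with no description, so nothing records which call triggers the crash or where the fix originates. The added `(parent->child == NULL)` test implies the failing case is a parent with no children; state that in the message body and reference the upstream commit or issue if this is a backport. The diffstat lists only cJSON.c, so consider adding a regression test that calls cJSON_ReplaceItemViaPointer on an empty parent and expects false. The new test is placed after `parent == NULL`, so short-circuit evaluation keeps the `parent->child` dereference safe.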

@ -1,6 +1,6 @@
Name: cjson Name: cjson
Version: 1.7.15 Version: 1.7.15
Release: 4 Release: 5
Summary: Ultralightweight JSON parser in ANSI C Summary: Ultralightweight JSON parser in ANSI C
License: MIT and ASL 2.0 License: MIT and ASL 2.0
@ -10,10 +10,13 @@ Source0: https://github.com/DaveGamble/cJSON/archive/refs/tags/v1.7.15.ta
Patch0001: backport-CVE-2023-50471_50472.patch Patch0001: backport-CVE-2023-50471_50472.patch
Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch Patch0002: backport-fix-potential-memory-leak-in-merge_patch.patch
Patch0003: CVE-2024-31755.patch Patch0003: CVE-2024-31755.patch
Patch0004: Fix-a-null-pointer-crash-in-cJSON_ReplaceItemViaPoin.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: cmake BuildRequires: cmake
%description %description
cJSON aims to be the dumbest possible parser that you can get your job cJSON aims to be the dumbest possible parser that you can get your job
done with. It's a single file of C, and a single header file. done with. It's a single file of C, and a single header file.
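Review bot: the Patch0004 filename ends in `cJSON_ReplaceItemViaPoin.patch`, which is cut off mid-identifier, and it follows neither the `backport-` prefix nor the CVE-id naming used by Patch0001 to Patch0003. Rename the file to a complete, consistent name (with the `backport-` prefix if it comes from upstream) so the patch can be matched to its origin in later audits.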
@ -54,6 +57,9 @@ rm -f %{buildroot}%{_libdir}/cmake/cJSON/*.cmake
%{_includedir}/cjson/ %{_includedir}/cjson/
%changelog %changelog
* Tue May 07 2024 xiaozai <xiaozai@kylinos.cn> - 1.7.15-5
- Fix a null pointer crash in cJSON_ReplaceItemViaPointer
* Fri Apr 26 2024 lvfei <lvfei@kylinos.cn> - 1.7.15-4 * Fri Apr 26 2024 lvfei <lvfei@kylinos.cn> - 1.7.15-4
- fix CVE-2024-31755 - fix CVE-2024-31755
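Review bot: the 1.7.15-5 changelog entry names the function but not the crash condition or the source of the fix. Say that the crash occurs when the parent has no child, and add an upstream reference or tracking id if one exists, as the 1.7.15-4 entry does with its CVE id.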