test: add boundary coverage for cJSON_ParseWithLengthOpts#1043
Draft
xuh0923 wants to merge 236 commits into
Draft
test: add boundary coverage for cJSON_ParseWithLengthOpts#1043xuh0923 wants to merge 236 commits into
xuh0923 wants to merge 236 commits into
Conversation
Support default __stdcall calling convention (/Gz) on Windows
9ecd703 Merge pull request DaveGamble#39 from mr-mixas/test-absent-from-location-for-copy-and-move-ops 66817e7 test absent 'from' location for copy and move 09dee56 Fix anonymous test 8bae8ed Fix « test should pass - no error » test 855f2a4 Fix « test should pass despite (nested) rearrangement » test 53283fc Fix « test should pass despite rearrangement » test ecf01e7 Fix « null value should be valid obj property » test 1586cdf Fix « Empty-string element » test git-subtree-dir: tests/json-patch-tests git-subtree-split: 9ecd703c08cda4864cd2d2fb580a513ec5740934
…zer_warnings Fix most of the issues reported by the Visual Studio code analysis tool
fix bug: sort_list() returns strange results
Since `prev` is not used anymore after that by the algorithm it should have been fine anyways, still splitting it correctly in the first place is probably a good idea. Thanks @andysCaplin for the fix!
Thanks @raiden00pl for reporting
Also first tests for cJSON_Minify. Thanks @bigric3 for reporting
Add some tests for setting NULL to deallocated pointers releated to DaveGamble#842 and DaveGamble#833
Signed-off-by: DL6ER <dl6er@dl6er.de>
This reverts commit 5b502cd. Related to DaveGamble#860
…ion in case of circular reference
Allocate memory for the temporary buffer when paring numbers. This fixes CVE-2023-26819
github actions fix
The README stated that CMake 2.8.5+ was required, but CMakeLists.txt requires CMake 3.5+. This inconsistency caused confusion for users with CMake versions between 2.8.5 and 3.5. Also updated library_config/uninstall.cmake to match for consistency. Fixes DaveGamble#988
…amble#991) Add NULL check at the beginning of cJSON_SetNumberHelper to prevent segmentation fault when called with NULL object pointer. The function now returns NAN (Not-a-Number) when object is NULL, consistent with error handling patterns in other cJSON functions. This fixes a Denial of Service vulnerability (CWE-476) where an attacker could crash applications using the cJSON library by triggering this function with a NULL pointer. Changes: - cJSON.c: Add NULL check in cJSON_SetNumberHelper - tests/misc_tests.c: Add test case and math.h include Security: Fixes NULL pointer dereference vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
cJSON_ParseWithLengthOptsis the boundary-oriented parsing API, but its dedicated coverage was missing several key edge cases.That left behavior around zero-length buffers, exact-length non-null-terminated input, and required null termination largely implied by implementation instead of being directly asserted by tests.
Changes
cJSON_ParseWithLengthOptsrequire_null_terminatedis enabledVerification
tests/parse_with_opts.cwithgcc -Wall -Wextra -Werror -std=c89parse_examplesfromtests/to confirm existing length-based parsing examples still pass