current develop branch still crashes when cJSON_GetObjectItemCaseSensitive() is called on a cJSON array (rather than an object). the master commit be749d7 (CVE-2019-1010239) fixed it but hasn't reached develop.
Docker A/B verification (gcc + libcjson.a in ubuntu:22.04):
```c
cJSON *a = cJSON_CreateArray();
cJSON_AddItemToArray(a, cJSON_CreateString("x"));
/* array elements carry no member name */
cJSON *r = cJSON_GetObjectItemCaseSensitive(a, "key");
printf("%p\n", (void *)r);
```
- pre-fix: exit 139 (SIGSEGV on `strcmp(name, NULL)`)
- post-fix: prints `(nil)`, exit 0
backport branch: dkgkdfg65/cJSON @ nonbsp/backport/cve-2019-1010239-develop. PR follows.
upstream commit: be749d7efa7c
CVE: https://nvd.nist.gov/vuln/detail/CVE-2019-1010239
asks: in addition to the PR, would you consider acknowledging dkgkdfg65 (https://github.com/dkgkdfg65) for surfacing the develop-branch scope — via:
- contacting the CVE-2019-1010239 CNA (josh@bress.net) to add me as a reporter
- a project-side GHSA on this repo referencing the CVE
- mention in CHANGELOG / release notes
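
A self-contained model of the failure reported above, added here as an illustration and not taken from cJSON or from the backport branch. The `node` type, both `lookup_*` functions and the sample trees are hypothetical stand-ins, assuming only what the report states: array elements have no member name, so an unguarded lookup reaches `strcmp(name, NULL)`.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a JSON tree node (not cJSON's own struct). */
typedef struct node {
    struct node *next;   /* next sibling */
    struct node *child;  /* first child of an array or object */
    const char *name;    /* member name; NULL for array elements */
} node;

/* Unguarded lookup: assumes every child is named, so a child of an array
 * is passed to strcmp() as NULL. Kept for contrast; never called here. */
const node *lookup_unchecked(const node *parent, const char *name)
{
    const node *cur = parent ? parent->child : NULL;
    while (cur != NULL && strcmp(name, cur->name) != 0)
        cur = cur->next;
    return cur;
}

/* Guarded lookup: a child without a name can never match, and NULL
 * arguments are rejected before any comparison. */
const node *lookup_checked(const node *parent, const char *name)
{
    const node *cur;
    if (parent == NULL || name == NULL)
        return NULL;
    for (cur = parent->child; cur != NULL; cur = cur->next) {
        if (cur->name != NULL && strcmp(name, cur->name) == 0)
            return cur;
    }
    return NULL;
}

/* Constructed samples: an array ["x"] and an object {"key": ...}. */
static node array_elem    = { NULL, NULL, NULL };
static node array_root    = { NULL, &array_elem, NULL };
static node object_member = { NULL, NULL, "key" };
static node object_root   = { NULL, &object_member, NULL };

int main(void)
{
    /* 0 when the array lookup returns NULL and the object lookup hits. */
    return !(lookup_checked(&array_root, "key") == NULL &&
             lookup_checked(&object_root, "key") == &object_member);
}
```

The same two cases (keyed lookup on an array returns NULL, keyed lookup on an object still finds its member) are what a regression test for the backport should cover.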