I was taking a look at the cJSON codebase on behalf of a customer, and I found a spot that I wanted to check when printing cJSON_Raw values:
If item->valuestring is NULL, the print_value() implementation may deallocate the write buffer and then return. However, at least some callers of print_value() (for example print()) will also deallocate this buffer on failure. This looks like a potential double-free.
I haven't had time to verify this for certain, or write a test, but I thought I would report it while I had it in front of me. Seems like it's probably an unlikely path to hit in real code.
EDIT: Previous version of this issue had two points. For one, I missed that the memcpy included the terminating byte.
projectgus changed the title from "Memory issues when printing cJSON_Raw" to "Double-free when printing cJSON_Raw if valuestring==NULL" on Feb 7, 2018
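The ownership problem the report describes, as an added example that is not part of the issue and not cJSON's own code: a callee that frees a buffer it does not own on the error path, a caller that (correctly, from its point of view) frees the same buffer on failure, and an illustrative fix that leaves cleanup to the single owner. The `item_t`, `printbuffer`, `print_raw_buggy`, `print_raw_fixed` and `print_item` names are simplified stand-ins chosen here, not cJSON's real structs or functions, and the instrumented `tracked_free` exists only so the second free is counted instead of aborting the process.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for cJSON's item and printbuffer (illustrative, not the real structs). */
typedef struct { int type; char *valuestring; } item_t;   /* valuestring may be NULL */
typedef struct { unsigned char *buffer; size_t length; size_t offset; } printbuffer;

/* Instrumented deallocator: the first release of a pointer is a real free(); any
 * later release of the same pointer is counted instead of corrupting the heap,
 * so the double free shows up as a number rather than an abort. */
#define MAX_TRACKED 16
static void *released[MAX_TRACKED];
static int released_count = 0;
static int double_free_count = 0;

static void tracked_free(void *p)
{
    if (p == NULL) return;
    for (int i = 0; i < released_count; i++) {
        if (released[i] == p) { double_free_count++; return; }  /* real code: free() twice */
    }
    if (released_count < MAX_TRACKED) released[released_count++] = p;
    free(p);
}

/* Shared body: copy the raw text including its terminating NUL (the point the
 * report's EDIT concedes), advancing offset past the text only. */
static bool copy_raw(const item_t *item, printbuffer *out)
{
    size_t n = strlen(item->valuestring) + 1;
    if (out->offset + n > out->length) return false;
    memcpy(out->buffer + out->offset, item->valuestring, n);
    out->offset += n - 1;
    return true;
}

/* Buggy callee, modelled on the reported behaviour: on a NULL valuestring it
 * frees a buffer owned by its caller, then reports failure. */
static bool print_raw_buggy(const item_t *item, printbuffer *out)
{
    if (item->valuestring == NULL) { tracked_free(out->buffer); return false; }
    return copy_raw(item, out);
}

/* Hardened callee (illustrative fix, not the project's patch): report failure
 * and leave cleanup to the buffer's single owner. */
static bool print_raw_fixed(const item_t *item, printbuffer *out)
{
    if (item->valuestring == NULL) return false;
    return copy_raw(item, out);
}

typedef bool (*print_fn)(const item_t *, printbuffer *);

/* Caller modelled on print(): it allocated the buffer, so it frees it on any
 * failure; with the buggy callee that is the second free. */
static char *print_item(const item_t *item, print_fn printer)
{
    printbuffer out = { NULL, 64, 0 };
    out.buffer = malloc(out.length);
    if (out.buffer == NULL) return NULL;
    if (!printer(item, &out)) { tracked_free(out.buffer); return NULL; }
    return (char *)out.buffer;
}

/* Runs one print from a clean tracker and returns how many double frees it caused. */
int double_frees_when_printing(print_fn printer, const char *raw)
{
    released_count = 0;
    double_free_count = 0;
    item_t item = { 0, (char *)raw };                    /* type tag is a placeholder */
    char *text = print_item(&item, printer);
    tracked_free(text);                                  /* success path: exactly one free */
    return double_free_count;
}

/* True if printing a non-NULL raw value reproduces it byte for byte. */
bool printed_raw_matches(print_fn printer, const char *raw)
{
    item_t item = { 0, (char *)raw };
    char *text = print_item(&item, printer);
    bool ok = (text != NULL && strcmp(text, raw) == 0);
    free(text);
    return ok;
}

int main(void)
{
    printf("buggy callee, NULL valuestring: %d double free(s)\n",
           double_frees_when_printing(print_raw_buggy, NULL));
    printf("fixed callee, NULL valuestring: %d double free(s)\n",
           double_frees_when_printing(print_raw_fixed, NULL));
    printf("fixed callee copies raw text intact: %s\n",
           printed_raw_matches(print_raw_fixed, "{\"a\":1}") ? "yes" : "no");
    return 0;
}
```

The check a reviewer would apply to the real code is the same one the tracker encodes: for every failure return, exactly one of callee and caller may release the buffer. Building with `-fsanitize=address` and swapping `tracked_free` for plain `free` turns the counted case into an immediate double-free report.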