New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
cJSON_Minify cross-border read&write 1 #337
Comments
|
You must never pass a non-null terminated string into cJSON. Without the Your code would be correct like this: #include <stdlib.h>
#include "cJSON.h"
int main (int argc, const char * argv[])
{
char testdata[9] = {'\t','\t','\t','\t','\"','\\','n','n', '\0'};
cJSON_Minify(testdata);
printf("target:%s\n",testdata);
return 0;
} |
|
What actually happens is not a stackoverflow btw., it is a buffer overflow on the stack though. |
|
yes sir,this question‘s root cause same as issues 338,but 2 different places. ` ` should edit as below ` |
|
|
|
CVE-2019-11834 was assigned for this issue. |
https://github.com/DaveGamble/cJSON/blob/master/cJSON.c : 2678
can bypass '\x00',bug can be trigger with json string buffer that end with '\x00' or not
test demo, compile at ubuntu x86, cause stackoverflow:
The text was updated successfully, but these errors were encountered: