Null Pointer Dereference in cy_json_parser.c #1
Comments
|
Hi, Let me try and reproduce this. I will get back to you soon. Thanks |
|
Hi, I have tested by pasting the code lines you've mentioned in an empty application and it doesn't crash. Firstly, I don't know if it's intentional to pass 3 as length of test_string when it's actually 5 for your case. Anyways, since this is an JSON array literal, "most_recent_object_marker" is zero like you mentioned. Condition for "if" statement at line 1068 in "cy_json_parser.c" file is FALSE. So, "memcpy" won't be executed. cy_JSON_parser() will return "CY_RSLT_JSON_GENERIC_ERROR" as JSON array literal is not terminated with ']'. Thanks |
|
Bug fix is mentioned below the v3.2.1 release but not sure why it has been removed from "Release.md" in the latest commit. Thanks for pointing it out. I will relay this to internal team. |
Prerequisites
Yes, see below
There seem to be no known issues
It happens on the latest master version
Description:
A null pointer dereference can be triggered with following code:
The code excepts at cy_json_parser.c:1068 because the variable
most_recent_object_markeris zero with the given input.Steps to Reproduce:
Create a new application with the Modus Toolbox and include the connectivity-utilities
Insert the code from above somewhere in the main function
Expected Result:
Parsing of the (incomplete) JSON string.
Actual Result:
The application crashes, because
memcpyis called with a null pointer.Frequency (1/1, 1/50, 1/100):
Build/Commit:
Latest Release: release-v3.2.0
Target:
Cypress CY8CKIT-062-WiFi-BT
Host OS and Version:
Ubuntu 20.04
Compiler:
arm-none-eabi-gcc (GNU Arm Embedded Toolchain 10.3-2021.07) 10.3.1 20210621 (release)
Environment
Latest Modus Toolbox and the above mentioned Cypress CY8CKIT-062-WiFi-BT board
The text was updated successfully, but these errors were encountered: