3party/cJSON
0
0
Fork 0
mirror of https://github.com/DaveGamble/cJSON.git synced 2024-12-26 12:41:03 +08:00
Code Issues Projects Releases Wiki Activity

fix #881, check overlap before calling strcpy in cJSON_SetValuestring

Browse Source
This commit is contained in:
Nicolas Badoux 2024-08-23 14:50:30 +00:00 committed by Alan Wang
parent a78d975537
commit d6d5449e1f
1 changed files with 12 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cJSON.c
View File

@ -403,6 +403,8 @@ CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number)
CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
{
char *copy = NULL;
size_t v1_len;
size_t v2_len;
/* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
{
@ -413,8 +415,17 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
{
return NULL;
}
if (strlen(valuestring) <= strlen(object->valuestring))
v1_len = strlen(valuestring);
v2_len = strlen(object->valuestring);
if (v1_len <= v2_len)
{
/* strcpy does not handle overlapping string: [X1, X2] [Y1, Y2] => X2 < Y1 or Y2 < X1 */
if (!( valuestring + v1_len < object->valuestring || object->valuestring + v2_len < valuestring ))
{
return NULL;
}
strcpy(object->valuestring, valuestring);
return object->valuestring;
}