Fix #105, double free when parse_string fails

This fixes a double free that happens when calling cJSON_Delete on an
item that has been used by parse_string and it failed parsing the
string.

The double free happens because parse_string frees an alias of
item->valuestring, but doesn't set item->valuestring to NULL.
Max Bruckner 2017-02-15 15:37:38 +01:00
parent c3bd4463be
commit 94117a5d23

@ -468,7 +468,6 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
{
goto fail;
}
item->valuestring = (char*)out; /* assign here so out will be deleted during cJSON_Delete() later */
item->type = cJSON_String;
ptr = str + 1;
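Review bot: `item->type = cJSON_String;` is still assigned here, before the string body has been decoded, so any later `goto fail` leaves an item that is typed as a string but whose `item->valuestring` was never set by this call. Consider moving the type assignment down beside `item->valuestring = (char*)out;` just before `return ptr;`, so that both fields change only on success and a failed parse leaves the item as it was.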
@ -608,6 +607,8 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
ptr++;
}
item->valuestring = (char*)out;
return ptr;
fail:
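Review bot: ownership of `out` is now implicit at `item->valuestring = (char*)out;` before `return ptr;`, and the comment that explained who frees the buffer is gone along with the early assignment. A short comment at this line saying the item takes ownership only on success would document the rule, and it would make it obvious that the code under `fail:` must free `out` itself and never touch `item->valuestring`. A regression test that calls cJSON_Delete on an item after parse_string has failed would keep the double free from coming back.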