From a2309a509d1aec2036d3f9491ae8b579ee664c92 Mon Sep 17 00:00:00 2001
From: Max Bruckner <max@maxbruckner.de>
Date: Mon, 30 Jan 2017 19:29:52 +0100
Subject: [PATCH 1/2] Utils: InplaceDecodePointerString: Check for NULL

---
 cJSON_Utils.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/cJSON_Utils.c b/cJSON_Utils.c
index 71f3d84..02eadfc 100644
--- a/cJSON_Utils.c
+++ b/cJSON_Utils.c
@@ -208,6 +208,11 @@ cJSON *cJSONUtils_GetPointer(cJSON *object, const char *pointer)
 static void cJSONUtils_InplaceDecodePointerString(char *string)
 {
     char *s2 = string;
+
+    if (string == NULL) {
+        return;
+    }
+
     for (; *string; s2++, string++)
     {
         *s2 = (*string != '~')

From ff0681e4fdc971665c054a942cb015d644c97436 Mon Sep 17 00:00:00 2001
From: Max Bruckner <max@maxbruckner.de>
Date: Mon, 30 Jan 2017 19:30:16 +0100
Subject: [PATCH 2/2] Utils: PatchDetach: Check for invalid patch string

---
 cJSON_Utils.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/cJSON_Utils.c b/cJSON_Utils.c
index 02eadfc..8b5f4b8 100644
--- a/cJSON_Utils.c
+++ b/cJSON_Utils.c
@@ -234,12 +234,19 @@ static cJSON *cJSONUtils_PatchDetach(cJSON *object, const char *path)
 
     /* copy path and split it in parent and child */
     parentptr = cJSONUtils_strdup(path);
-    childptr = strrchr(parentptr, '/'); /* last '/' */
-    if (childptr)
-    {
-        /* split strings */
-        *childptr++ = '\0';
+    if (parentptr == NULL) {
+        return NULL;
     }
+
+    childptr = strrchr(parentptr, '/'); /* last '/' */
+    if (childptr == NULL)
+    {
+        free(parentptr);
+        return NULL;
+    }
+    /* split strings */
+    *childptr++ = '\0';
+
     parent = cJSONUtils_GetPointer(object, parentptr);
     cJSONUtils_InplaceDecodePointerString(childptr);