From 8222e9b8c40181aa5df09501526f8f9e394ed192 Mon Sep 17 00:00:00 2001
From: Max Bruckner
Date: Mon, 26 Oct 2015 03:08:47 +0100
Subject: [PATCH] Fix printing of empty string pointers

Once the check if str is NULL is reached, str has already been derereferenced in the for loop, so in the case that the if clause would be entered, the program has already crashed due to a null pointer dereference.

By checking the content of str before dereferencing, the code in the if clause is actually useful.

for (ptr=str;*ptr;ptr++) flag|=((*ptr>0 && *ptr<32)||(*ptr=='\"')||(*ptr=='\\'))?1:0;
...
if (!str)
...
---
 cJSON.c | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/cJSON.c b/cJSON.c
index 0875fe6..da697eb 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -253,6 +253,15 @@ static const char *parse_string(cJSON *item,const char *str)
 static char *print_string_ptr(const char *str,printbuffer *p)
 {
 const char *ptr;char *ptr2,*out;int len=0,flag=0;unsigned char token;
+
+ if (!str)
+ {
+ if (p) out=ensure(p,3);
+ else out=(char*)cJSON_malloc(3);
+ if (!out) return 0;
+ strcpy(out,"\"\"");
+ return out;
+ }
 
 for (ptr=str;*ptr;ptr++) flag|=((*ptr>0 && *ptr<32)||(*ptr=='\"')||(*ptr=='\\'))?1:0;
 if (!flag)
@@ -268,14 +277,6 @@ static char *print_string_ptr(const char *str,printbuffer *p)
 return out;
 }
 
- if (!str)
- {
- if (p) out=ensure(p,3);
- else out=(char*)cJSON_malloc(3);
- if (!out) return 0;
- strcpy(out,"\"\"");
- return out;
- }
 ptr=str;while ((token=*ptr) && ++len) {if (strchr("\"\\\b\f\n\r\t",token)) len++; else if (token<32) len+=5;ptr++;}
 
 if (p) out=ensure(p,len+3);
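Review bot: The size literal 3 in the added `out=ensure(p,3)` / `cJSON_malloc(3)` lines and the `"\"\""` copied by `strcpy` encode the same bound twice with nothing tying them together, which is exactly the kind of pair that drifts apart in a later edit; a comment on the first allocation line, `/* two quote characters plus the NUL terminator */`, or replacing the copy with `memcpy(out,"\"\"",3);` would make the bound explicit. The allocation-failure path returns the bare literal `0` from a function whose other returns are pointers; `if (!out) return NULL;` reads as intended. `ensure()` is defined outside this hunk, so I am taking on trust from its use here that it hands back a writable region of at least the requested length. print_string_ptr's body continues past the end of the hunk.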