Release version 1.5.2

CHANGELOG.md

@@ -1,3 +1,11 @@
+1.5.2
+=====
+Fixes:
+------
+* Fix a reading buffer overflow in `parse_string` (a167d9e381e5c84bc03de4e261757b031c0c690d)
+* Fix compiling with -Wcomma (186cce3ece6ce6dfcb58ac8b2a63f7846c3493ad)
+* Remove leftover attribute from tests (b537ca70a35680db66f1f5b8b437f7114daa699a)
+
 1.5.1
 =====
 Fixes:

CMakeLists.txt

@@ -7,7 +7,7 @@ project(cJSON C)
 
 set(PROJECT_VERSION_MAJOR 1)
 set(PROJECT_VERSION_MINOR 5)
-set(PROJECT_VERSION_PATCH 1)
+set(PROJECT_VERSION_PATCH 2)
 set(CJSON_VERSION_SO 1)
 set(CJSON_UTILS_VERSION_SO 1)
 set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")

Makefile

@@ -8,7 +8,7 @@ CJSON_TEST_SRC = cJSON.c test.c
 
 LDLIBS = -lm
 
-LIBVERSION = 1.5.1
+LIBVERSION = 1.5.2
 CJSON_SOVERSION = 1
 UTILS_SOVERSION = 1
 

cJSON.c

@@ -58,7 +58,7 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
 }
 
 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 1)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 2)
     #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif
 
@@ -657,7 +657,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
         /* calculate approximate size of the output (overestimate) */
         size_t allocation_length = 0;
         size_t skipped_bytes = 0;
-        while ((*input_end != '\"') && ((size_t)(input_end - input_buffer->content) < input_buffer->length))
+        while (((size_t)(input_end - input_buffer->content) < input_buffer->length) && (*input_end != '\"'))
         {
             /* is escape sequence */
             if (input_end[0] == '\\')
@@ -672,7 +672,7 @@ static cJSON_bool parse_string(cJSON * const item, parse_buffer * const input_bu
             }
             input_end++;
         }
-        if (*input_end != '\"')
+        if (((size_t)(input_end - input_buffer->content) >= input_buffer->length) || (*input_end != '\"'))
         {
             goto fail; /* string ended unexpectedly */
         }
@@ -2560,16 +2560,18 @@ CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * cons
 
         case cJSON_Array:
         {
-            cJSON *a_element = NULL;
+            cJSON *a_element = a->child;
-            cJSON *b_element = NULL;
+            cJSON *b_element = b->child;
-            for (a_element = a->child, b_element = b->child;
+
-                    (a_element != NULL) && (b_element != NULL);
+            for (; (a_element != NULL) && (b_element != NULL);)
-                    a_element = a_element->next, b_element = b_element->next)
             {
                 if (!cJSON_Compare(a_element, b_element, case_sensitive))
                 {
                     return false;
                 }
+
+                a_element = a_element->next;
+                b_element = b_element->next;
             }
 
             return true;

cJSON.h

@@ -31,7 +31,7 @@ extern "C"
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 5
-#define CJSON_VERSION_PATCH 1
+#define CJSON_VERSION_PATCH 2
 
 #include <stddef.h>
 

tests/old_utils_tests.c

@@ -30,7 +30,7 @@
 #include "../cJSON_Utils.h"
 
 /* JSON Apply Merge tests: */
-const char *merges[15][3] =
+static const char *merges[15][3] =
 {
     {"{\"a\":\"b\"}", "{\"a\":\"c\"}", "{\"a\":\"c\"}"},
     {"{\"a\":\"b\"}", "{\"b\":\"c\"}", "{\"a\":\"b\",\"b\":\"c\"}"},