Merge pull request #355 from DaveGamble/release-1.7.12

Release 1.7.12

CHANGELOG.md

@@ -1,9 +1,33 @@
+1.7.12
+======
+Fixes:
+------
+* Fix infinite loop in `cJSON_Minify` (potential Denial of Service), thanks @Alanscut for reporting. See #354
+* Fix link error for Visual Studio. Thanks @tan-wei, see #352
+* Undefine `true` and `false` for `cJSON_Utils` before redefining them. Thanks @raiden00pl, see #347
+
+
+1.7.11
+======
+Fixes:
+------
+* Fix a bug where cJSON_Minify could overflow it's buffer, both reading and writing. This is a security issue. (see #338). Big thanks @bigric3 for reporting.
+* Unset `true` and `false` macros before setting them if they exist. See #339, thanks @raiden00pl for reporting
+
+1.7.10
+======
+Fixes:
+------
+* Fix package config file for `libcjson`. Thanks @shiluotang for reporting (#321)
+* Correctly split lists in `cJSON_Utils`'s merge sort. Thanks @andysCaplin for the fix (#322)
+
 1.7.9
 =====
 Fixes:
 ------
 * Fix a bug where `cJSON_GetObjectItemCaseSensitive` would pass a nullpointer to `strcmp` when called on an array (#315). Thanks @yuweol for reporting.
 * Fix error in `cJSON_Utils` where the case sensitivity was not respected (#317). Thanks @yuta-oxo for fixing.
+* Fix some warnings detected by the Visual Studio Static Analyzer (#307). Thanks @bnason-nf
 
 1.7.8
 =====

CMakeLists.txt

@@ -7,7 +7,7 @@ include(GNUInstallDirs)
 
 set(PROJECT_VERSION_MAJOR 1)
 set(PROJECT_VERSION_MINOR 7)
-set(PROJECT_VERSION_PATCH 9)
+set(PROJECT_VERSION_PATCH 12)
 set(CJSON_VERSION_SO 1)
 set(CJSON_UTILS_VERSION_SO 1)
 set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")

CONTRIBUTORS.md

@@ -14,6 +14,7 @@ Current Maintainer: [Max Bruckner](https://github.com/FSMaxB)
 * [Debora Grosse](https://github.com/DeboraG)
 * [dieyushi](https://github.com/dieyushi)
 * [Dōngwén Huáng (黄东文)](https://github.com/DongwenHuang)
+* [Donough Liu](https://github.com/ldm0)
 * Eswar Yaganti
 * [Evan Todd](https://github.com/etodd)
 * [Fabrice Fontaine](https://github.com/ffontaine)
@@ -34,12 +35,14 @@ Current Maintainer: [Max Bruckner](https://github.com/FSMaxB)
 * [Pawel Winogrodzki](https://github.com/PawelWMS)
 * [prefetchnta](https://github.com/prefetchnta)
 * [Rafael Leal Dias](https://github.com/rafaeldias)
+* [raiden00pl](https://github.com/raiden00pl)
 * [Robin Mallinson](https://github.com/rmallins)
 * [Rod Vagg](https://github.com/rvagg)
 * [Roland Meertens](https://github.com/rmeertens)
 * [Romain Porte](https://github.com/MicroJoe)
 * [Simon Ricaldone](https://github.com/simon-p-r)
 * [Stephan Gatzka](https://github.com/gatzka)
+* [tan-wei](https://github.com/tan-wei)
 * [Weston Schmidt](https://github.com/schmidtw)
 * [yangfl](https://github.com/yangfl)
 * [yuta-oxo](https://github.com/yuta-oxo)

Makefile

@@ -8,7 +8,7 @@ CJSON_TEST_SRC = cJSON.c test.c
 
 LDLIBS = -lm
 
-LIBVERSION = 1.7.9
+LIBVERSION = 1.7.12
 CJSON_SOVERSION = 1
 UTILS_SOVERSION = 1
 

cJSON.c

@@ -58,7 +58,14 @@
 #include "cJSON.h"
 
 /* define our own boolean type */
+#ifdef true
+#undef true
+#endif
 #define true ((cJSON_bool)1)
+
+#ifdef false
+#undef false
+#endif
 #define false ((cJSON_bool)0)
 
 typedef struct {
@@ -81,7 +88,7 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item) {
 }
 
 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 9)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 12)
     #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif
 
@@ -144,6 +151,9 @@ static void * CJSON_CDECL internal_realloc(void *pointer, size_t size)
 #define internal_realloc realloc
 #endif
 
+/* strlen of character literals resolved at compile time */
+#define static_strlen(string_literal) (sizeof(string_literal) - sizeof(""))
+
 static internal_hooks global_hooks = { internal_malloc, internal_free, internal_realloc };
 
 static unsigned char* cJSON_strdup(const unsigned char* string, const internal_hooks * const hooks)
@@ -504,7 +514,7 @@ static cJSON_bool print_number(const cJSON * const item, printbuffer * const out
         }
     }
 
-    /* sprintf failed or buffer overrun occured */
+    /* sprintf failed or buffer overrun occurred */
     if ((length < 0) || (length > (int)(sizeof(number_buffer) - 1)))
     {
         return false;
@@ -1555,7 +1565,7 @@ static cJSON_bool parse_object(cJSON * const item, parse_buffer * const input_bu
         buffer_skip_whitespace(input_buffer);
         if (!parse_string(current_item, input_buffer))
         {
-            goto fail; /* faile to parse name */
+            goto fail; /* failed to parse name */
         }
         buffer_skip_whitespace(input_buffer);
 
@@ -2630,69 +2640,96 @@ fail:
     return NULL;
 }
 
+static void skip_oneline_comment(char **input)
+{
+    *input += static_strlen("//");
+
+    for (; (*input)[0] != '\0'; ++(*input))
+    {
+        if ((*input)[0] == '\n') {
+            *input += static_strlen("\n");
+            return;
+        }
+    }
+}
+
+static void skip_multiline_comment(char **input)
+{
+    *input += static_strlen("/*");
+
+    for (; (*input)[0] != '\0'; ++(*input))
+    {
+        if (((*input)[0] == '*') && ((*input)[1] == '/'))
+        {
+            *input += static_strlen("*/");
+            return;
+        }
+    }
+}
+
+static void minify_string(char **input, char **output) {
+    (*output)[0] = (*input)[0];
+    *input += static_strlen("\"");
+    *output += static_strlen("\"");
+
+
+    for (; (*input)[0] != '\0'; (void)++(*input), ++(*output)) {
+        (*output)[0] = (*input)[0];
+
+        if ((*input)[0] == '\"') {
+            (*output)[0] = '\"';
+            *input += static_strlen("\"");
+            *output += static_strlen("\"");
+            return;
+        } else if (((*input)[0] == '\\') && ((*input)[1] == '\"')) {
+            (*output)[1] = (*input)[1];
+            *input += static_strlen("\"");
+            *output += static_strlen("\"");
+        }
+    }
+}
+
 CJSON_PUBLIC(void) cJSON_Minify(char *json)
 {
-    unsigned char *into = (unsigned char*)json;
+    char *into = json;
 
     if (json == NULL)
     {
         return;
     }
 
-    while (*json)
+    while (json[0] != '\0')
     {
-        if (*json == ' ')
+        switch (json[0])
         {
-            json++;
+            case ' ':
-        }
+            case '\t':
-        else if (*json == '\t')
+            case '\r':
-        {
+            case '\n':
-            /* Whitespace characters. */
-            json++;
-        }
-        else if (*json == '\r')
-        {
-            json++;
-        }
-        else if (*json=='\n')
-        {
-            json++;
-        }
-        else if ((*json == '/') && (json[1] == '/'))
-        {
-            /* double-slash comments, to end of line. */
-            while (*json && (*json != '\n'))
-            {
                 json++;
-            }
+                break;
-        }
+
-        else if ((*json == '/') && (json[1] == '*'))
+            case '/':
-        {
+                if (json[1] == '/')
-            /* multiline comments. */
-            while (*json && !((*json == '*') && (json[1] == '/')))
-            {
-                json++;
-            }
-            json += 2;
-        }
-        else if (*json == '\"')
-        {
-            /* string literals, which are \" sensitive. */
-            *into++ = (unsigned char)*json++;
-            while (*json && (*json != '\"'))
-            {
-                if (*json == '\\')
                 {
-                    *into++ = (unsigned char)*json++;
+                    skip_oneline_comment(&json);
                 }
-                *into++ = (unsigned char)*json++;
+                else if (json[1] == '*')
-            }
+                {
-            *into++ = (unsigned char)*json++;
+                    skip_multiline_comment(&json);
-        }
+                } else {
-        else
+                    json++;
-        {
+                }
-            /* All other characters. */
+                break;
-            *into++ = (unsigned char)*json++;
+
+            case '\"':
+                minify_string(&json, (char**)&into);
+                break;
+
+            default:
+                into[0] = json[0];
+                json++;
+                into++;
         }
     }
 

cJSON.h

@@ -81,7 +81,7 @@ then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJ
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 7
-#define CJSON_VERSION_PATCH 9
+#define CJSON_VERSION_PATCH 12
 
 #include <stddef.h>
 

cJSON_Utils.c

@@ -50,7 +50,14 @@
 #include "cJSON_Utils.h"
 
 /* define our own boolean type */
+#ifdef true
+#undef true
+#endif
 #define true ((cJSON_bool)1)
+
+#ifdef false
+#undef false
+#endif
 #define false ((cJSON_bool)0)
 
 static unsigned char* cJSONUtils_strdup(const unsigned char* const string)
@@ -499,6 +506,7 @@ static cJSON *sort_list(cJSON *list, const cJSON_bool case_sensitive)
     {
         /* Split the lists */
         second->prev->next = NULL;
+        second->prev = NULL;
     }
 
     /* Recursively sort the sub-lists. */

library_config/libcjson.pc.in

@@ -6,5 +6,5 @@ Version: @PROJECT_VERSION@
 Description: Ultralightweight JSON parser in ANSI C
 URL: https://github.com/DaveGamble/cJSON
 Libs: -L${libdir} -lcjson
-Libs.Private: -lm
+Libs.private: -lm
 Cflags: -I${includedir}

tests/CMakeLists.txt

@@ -57,6 +57,7 @@ if(ENABLE_CJSON_TEST)
         compare_tests
         cjson_add
         readme_examples
+        minify_tests
     )
 
     option(ENABLE_VALGRIND OFF "Enable the valgrind memory checker for the tests.")
@@ -101,6 +102,9 @@ if(ENABLE_CJSON_TEST)
         foreach (cjson_utils_test ${cjson_utils_tests})
             add_executable("${cjson_utils_test}" "${cjson_utils_test}.c")
             target_link_libraries("${cjson_utils_test}" "${CJSON_LIB}" "${CJSON_UTILS_LIB}" unity)
+            if("${CMAKE_C_COMPILER_ID}" STREQUAL "MSVC")
+                target_sources(${cjson_utils_test} PRIVATE unity_setup.c)
+            endif()
             if(MEMORYCHECK_COMMAND)
                 add_test(NAME "${cjson_utils_test}"
                     COMMAND "${MEMORYCHECK_COMMAND}" ${MEMORYCHECK_COMMAND_OPTIONS} "${CMAKE_CURRENT_BINARY_DIR}/${cjson_utils_test}")

tests/minify_tests.c

@@ -0,0 +1,174 @@
+/*
+  Copyright (c) 2009-2019 Dave Gamble and cJSON contributors
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "unity/examples/unity_config.h"
+#include "unity/src/unity.h"
+#include "common.h"
+
+
+static void cjson_minify_should_not_overflow_buffer(void)
+{
+    char unclosed_multiline_comment[] = "/* bla";
+    char pending_escape[] = "\"\\";
+
+    cJSON_Minify(unclosed_multiline_comment);
+    TEST_ASSERT_EQUAL_STRING("", unclosed_multiline_comment);
+
+    cJSON_Minify(pending_escape);
+    TEST_ASSERT_EQUAL_STRING("\"\\", pending_escape);
+}
+
+static void cjson_minify_should_remove_single_line_comments(void)
+{
+    const char to_minify[] = "{// this is {} \"some kind\" of [] comment /*, don't you see\n}";
+
+    char* minified = (char*) malloc(sizeof(to_minify));
+    TEST_ASSERT_NOT_NULL(minified);
+    strcpy(minified, to_minify);
+
+    cJSON_Minify(minified);
+    TEST_ASSERT_EQUAL_STRING("{}", minified);
+
+    free(minified);
+}
+
+static void cjson_minify_should_remove_spaces(void)
+{
+    const char to_minify[] = "{ \"key\":\ttrue\r\n    }";
+
+    char* minified = (char*) malloc(sizeof(to_minify));
+    TEST_ASSERT_NOT_NULL(minified);
+    strcpy(minified, to_minify);
+
+    cJSON_Minify(minified);
+    TEST_ASSERT_EQUAL_STRING("{\"key\":true}", minified);
+
+    free(minified);
+}
+
+static void cjson_minify_should_remove_multiline_comments(void)
+{
+    const char to_minify[] = "{/* this is\n a /* multi\n //line \n {comment \"\\\" */}";
+
+    char* minified = (char*) malloc(sizeof(to_minify));
+    TEST_ASSERT_NOT_NULL(minified);
+    strcpy(minified, to_minify);
+
+    cJSON_Minify(minified);
+    TEST_ASSERT_EQUAL_STRING("{}", minified);
+
+    free(minified);
+}
+
+static void cjson_minify_should_not_modify_strings(void)
+{
+    const char to_minify[] = "\"this is a string \\\" \\t bla\"";
+
+    char* minified = (char*) malloc(sizeof(to_minify));
+    TEST_ASSERT_NOT_NULL(minified);
+    strcpy(minified, to_minify);
+
+    cJSON_Minify(minified);
+    TEST_ASSERT_EQUAL_STRING(to_minify, minified);
+
+    free(minified);
+}
+
+static void cjson_minify_should_minify_json(void) {
+    const char to_minify[] =
+            "{\n"
+            "    \"glossary\": { // comment\n"
+            "        \"title\": \"example glossary\",\n"
+            "  /* multi\n"
+            " line */\n"
+            "		\"GlossDiv\": {\n"
+            "            \"title\": \"S\",\n"
+            "			\"GlossList\": {\n"
+            "                \"GlossEntry\": {\n"
+            "                    \"ID\": \"SGML\",\n"
+            "					\"SortAs\": \"SGML\",\n"
+            "					\"Acronym\": \"SGML\",\n"
+            "					\"Abbrev\": \"ISO 8879:1986\",\n"
+            "					\"GlossDef\": {\n"
+            "						\"GlossSeeAlso\": [\"GML\", \"XML\"]\n"
+            "                    },\n"
+            "					\"GlossSee\": \"markup\"\n"
+            "                }\n"
+            "            }\n"
+            "        }\n"
+            "    }\n"
+            "}";
+    const char* minified =
+            "{"
+            "\"glossary\":{"
+            "\"title\":\"example glossary\","
+            "\"GlossDiv\":{"
+            "\"title\":\"S\","
+            "\"GlossList\":{"
+            "\"GlossEntry\":{"
+            "\"ID\":\"SGML\","
+            "\"SortAs\":\"SGML\","
+            "\"Acronym\":\"SGML\","
+            "\"Abbrev\":\"ISO 8879:1986\","
+            "\"GlossDef\":{"
+            "\"GlossSeeAlso\":[\"GML\",\"XML\"]"
+            "},"
+            "\"GlossSee\":\"markup\""
+            "}"
+            "}"
+            "}"
+            "}"
+            "}";
+
+    char *buffer = (char*) malloc(sizeof(to_minify));
+    strcpy(buffer, to_minify);
+
+    cJSON_Minify(buffer);
+    TEST_ASSERT_EQUAL_STRING(minified, buffer);
+
+    free(buffer);
+}
+
+static void cjson_minify_should_not_loop_infinitely(void) {
+    char string[] = { '8', ' ', '/', ' ', '5', '\n', '\0' };
+    /* this should not be an infinite loop */
+    cJSON_Minify(string);
+}
+
+int CJSON_CDECL main(void)
+{
+    UNITY_BEGIN();
+
+    RUN_TEST(cjson_minify_should_not_overflow_buffer);
+    RUN_TEST(cjson_minify_should_minify_json);
+    RUN_TEST(cjson_minify_should_remove_single_line_comments);
+    RUN_TEST(cjson_minify_should_remove_multiline_comments);
+    RUN_TEST(cjson_minify_should_remove_spaces);
+    RUN_TEST(cjson_minify_should_not_modify_strings);
+    RUN_TEST(cjson_minify_should_not_loop_infinitely);
+
+    return UNITY_END();
+}