cJSON/CHANGELOG.md
2019-05-17 00:37:26 +02:00

15 KiB

1.7.12

Fixes:

  • Fix infinite loop in cJSON_Minify (potential Denial of Service), thanks @Alanscut for reporting. See #354
  • Fix link error for Visual Studio. Thanks @tan-wei, see #352
  • Undefine true and false for cJSON_Utils before redefining them. Thanks @raiden00pl, see #347

1.7.11

Fixes:

  • Fix a bug where cJSON_Minify could overflow it's buffer, both reading and writing. This is a security issue. (see #338). Big thanks @bigric3 for reporting.
  • Unset true and false macros before setting them if they exist. See #339, thanks @raiden00pl for reporting

1.7.10

Fixes:

  • Fix package config file for libcjson. Thanks @shiluotang for reporting (#321)
  • Correctly split lists in cJSON_Utils's merge sort. Thanks @andysCaplin for the fix (#322)

1.7.9

Fixes:

  • Fix a bug where cJSON_GetObjectItemCaseSensitive would pass a nullpointer to strcmp when called on an array (#315). Thanks @yuweol for reporting.
  • Fix error in cJSON_Utils where the case sensitivity was not respected (#317). Thanks @yuta-oxo for fixing.
  • Fix some warnings detected by the Visual Studio Static Analyzer (#307). Thanks @bnason-nf

1.7.8

Fixes:

  • cJSON now works with the __stdcall calling convention on Windows, see #295, thanks @zhindes for contributing

1.7.7

Fixes:

  • Fix a memory leak when realloc fails (see #267), thanks @AlfieDeng for reporting
  • Fix a typo in the header file (see #266), thanks @zhaozhixu

1.7.6

Fixes:

  • Add SONAME to the ELF files built by the Makefile (see #252), thanks @YanhaoMo for reporting
  • Add include guards and extern "C" to cJSON_Utils.h (see #256), thanks @daschfg for reporting

Other changes:

  • Mark the Makefile as deprecated in the README.

1.7.5

Fixes:

  • Fix a bug in the JSON Patch implementation of cJSON Utils (see #251), thanks @bobkocisko.

1.7.4

Fixes:

  • Fix potential use after free if the string parameter to cJSON_AddItemToObject is an alias of the string property of the object that is added (#248). Thanks @hhallen for reporting.

1.7.3

Fixes:

  • Fix potential double free, thanks @projectgus for reporting (see #241)

1.7.2

Fixes:

  • Fix the use of GNUInstallDirs variables and the pkgconfig file. Thanks @zeerd for reporting (see #240)

1.7.1

Fixes:

  • Fixed an Off-By-One error that could lead to an out of bounds write. Thanks @liuyunbin for reporting (see #230)
  • Fixed two errors with buffered printing. Thanks @liuyunbin for reporting (see #230)

1.7.0

Features:

  • Large rewrite of the documentation, see #215
  • Added the cJSON_GetStringValue function
  • Added the cJSON_CreateStringReference function
  • Added the cJSON_CreateArrayReference function
  • Added the cJSON_CreateObjectReference function
  • The cJSON_Add...ToObject macros are now functions that return a pointer to the added item, see #226

Fixes:

  • Fix a problem with GNUInstallDirs in the CMakeLists.txt, thanks @yangfl, see #210
  • Fix linking the tests when building as static library, see #213
  • New overrides for the CMake option BUILD_SHARED_LIBS, see #207

Other Changes:

  • Readme: Explain how to include cJSON, see #211
  • Removed some trailing spaces in the code, thanks @yangfl, see#212
  • Updated Unity and json-patch-tests

1.6.0

Features:

  • You can now build cJSON as both shared and static library at once with CMake using -DBUILD_SHARED_AND_STATIC_LIBS=On, see #178
  • UTF-8 byte order marks are now ignored, see #184
  • Locales can now be disabled with the option -DENABLE_LOCALES=Off, see #202, thanks @Casperinous
  • Better support for MSVC and Visual Studio

Other Changes:

  • Add the new warnings -Wswitch-enum, -Wused-but-makred-unused, -Wmissing-variable-declarations, -Wunused-macro
  • More number printing tests.
  • Continuous integration testing with AppVeyor (semi automatic at this point), thanks @simon-p-r

1.5.9

  • Set the global error pointer even if return_parse_end is passed to cJSON_ParseWithOpts. See #200, thanks @rmallins

1.5.8

  • Fix make test in the Makefile, thanks @YanhaoMo for reporting this (#195)

1.5.7

Fixes:

  • Fix a bug where realloc failing would return a pointer to an invalid memory address. This is a security issue as it could potentially be used by an attacker to write to arbitrary memory addresses. (see #189), fixed in (954d61e5e7), big thanks @timothyjohncarney for reporting this issue
  • Fix a spelling mistake in the AFL fuzzer dictionary (#185), thanks @jwilk

1.5.6

Fixes:

  • Make cJSON a lot more tolerant about passing NULL pointers to its functions, it should now fail safely instead of dereferencing the pointer. (#183) Thanks @msichal for reporting #182

1.5.5

Fixes:

  • Fix pointers to nested arrays in cJSON_Utils (9abe75e072)
  • Fix an error with case sensitivity handling in cJSON_Utils (b9cc911831)
  • Fix cJSON_Compare for arrays that are prefixes of the other and objects that are a subset of the other (03ba72faec) See #180, thanks @zhengqb for reporting

1.5.4

Fixes:

  • Fix build with GCC 7.1.1 and optimization level -O2 (bfbd8fe0d8)

Other Changes:

  • Update Unity to 3b69beaa58efc41bbbef70a32a46893cae02719d

1.5.3

Fixes:

  • Fix cJSON_ReplaceItemInObject not keeping the name of an item (#174)

1.5.2

Fixes:

  • Fix a reading buffer overflow in parse_string (a167d9e381)
  • Fix compiling with -Wcomma (186cce3ece)
  • Remove leftover attribute from tests (b537ca70a3)

1.5.1

Fixes:

  • Add gcc version guard to the Makefile (#164), thanks @juvasquezg
  • Fix incorrect free in cJSON_Utils if custom memory allocator is used (#166), thanks @prefetchnta

1.5.0

Features:

  • cJSON finally prints numbers without losing precision (#153) thanks @DeboraG
  • cJSON_Compare recursively checks if two cJSON items contain the same values (#148)
  • Provide case sensitive versions of every function where it matters (#158, #159)
  • Added cJSON_ReplaceItemViaPointer and cJSON_DetachItemViaPointer
  • Added cJSON_free and cJSON_malloc that expose the internal configured memory allocators. (02a05eea4e)

Enhancements:

  • Parse into a buffer, this will allow parsing \u0000 in the future (not quite yet though)
  • General simplifications and readability improvements
  • More unit tests
  • Update unity testing library to 2.4.1
  • Add the json-patch-tests test suite to test cJSON_Utils.
  • Move all tests from test_utils.c to unit tests with unity.

Fixes:

  • Fix some warnings with the Microsoft compiler (#139) thanks @PawelWMS
  • Fix several bugs in cJSON_Utils, mostly found with json-patch-tests
  • Prevent a stack overflow by specifying a maximum nesting depth CJSON_NESTING_LIMIT

Other Changes:

  • Move generated files in the library_config subdirectory.

1.4.7

Fixes:

  • Fix cJSONUtils_ApplyPatches, it was completely broken and apparently nobody noticed (or at least reported it) (075a06f40b)
  • Fix inconsistent prototype for cJSON_GetObjectItemCaseSensitive (51d3df6c9f) thanks @PawelWMS

1.4.6

Fixes:

  • Several corrections in the README
  • Making clear that valueint should not be written to
  • Fix overflow detection in ensure (2683d4d987)
  • Fix a potential null pointer dereference in cJSON_Utils (795c3acabe)
  • Replace incorrect sizeof('\0') with sizeof("") (84237ff48e)
  • Add caveats section to the README (50b3c30dfa)
  • Make cJSON locale independent (#146) Thanks @peterh for reporting
  • Fix compiling without CMake with MSVC (#147) Thanks @dertuxmalwieder for reporting

1.4.5

Fixes:

  • Fix bug in cJSON_SetNumberHelper, thanks @mmkeeper (#138 ef34500693)
  • Workaround for internal compiler error in GCC 5.4.0 and 6.3.1 on x86 (2f65e80a34 GCC bugreport)

1.4.4

Fixes:

  • Fix a theoretical integer overflow, (not sure if it is possible on actual hardware) e58f7ec027
  • Fix an off by one error (cc84a446be), thanks @gatzka
  • Double check the offset of the print buffer in ensure (1934059554)

Improvements:

  • Add a note in the header about required buffer size when using cJSON_PrintPreallocated (4bfb880093)

1.4.3

Fixes:

  • Fix compilation of the tests on 32 bit PowerPC and potentially other systems (4ec6e76ea2)
  • Fix compilation with old GCC compilers (4.3+ were tested) (227d3398d6, 466eb8e3f8), see also #126

1.4.2

Fixes:

  • Fix minimum required cmake version (30e1e7af7c)
  • Fix detection of supported compiler flags (76e5296d0d)
  • Run cJSON_test and cJSON_test_utils along with unity tests (c597601cf1)

1.4.1

Fix: Make print_number abort with a failure in out of memory situations (cf1842dc6f)

1.4.0

Features

  • Functions to check the type of an item (#120)
  • Use dllexport on windows and fvisibility on Unix systems for public functions (#116), thanks @mjerris
  • Remove trailing zeroes from printed numbers (#123)
  • Expose the internal boolean type cJSON_bool in the header (2d3520e0b9)

Fixes

  • Fix handling of NULL pointers in cJSON_ArrayForEach (b47d0e34ca)
  • Make it compile with GCC 7 (fix -Wimplicit-fallthrough warning) (9d07917feb)

Other Improvements

  • internally use realloc if available (#110)
  • builtin support for fuzzing with afl (#111)
  • unit tests for the print functions (#112)
  • Always use buffered printing (#113)
  • simplify the print functions (#114)
  • Add the compiler flags -Wdouble-conversion, -Wparentheses and -Wcomma (#122)

1.3.2

Fix:

  • Don't build the unity library if testing is disabled ( #121 ). Thanks @ffontaine

1.3.1

Bugfix release that fixes an out of bounds read #118. This shouldn't have any security implications.

1.3.0

This release includes a lot of rework in the parser and includes the Cunity unit testing framework, as well as some fixes. I increased the minor version number because there were quite a lot of internal changes.

Features:

  • New type for cJSON structs: cJSON_Invalid (#108)

Fixes:

  • runtime checks for a lot of potential integer overflows
  • fix incorrect return in cJSON_PrintBuffered (cf9d57d56c)
  • fix several potential issues found by Coverity
  • fix potentially undefined behavior when assigning big numbers to valueint (41e2837df1)
    • Numbers exceeding INT_MAX or lower than INT_MIN will be explicitly assigned to valueint as INT_MAX and INT_MIN respectively (saturation on overflow).
    • fix the cJSON_SetNumberValue macro (87f77274de), this slightly changes the behavior, see commit message

Introduce unit tests

Started writing unit tests with the Cunity testing framework. Currently this covers the parser functions.

Also:

Simplifications

After having unit tests for the parser function in place, I started refactoring the parser functions (as well as others) and making them easier to read and maintain.

  • Use strtod from the standard library for parsing numbers (0747669972)
  • Use goto-fail in several parser functions (#100)
  • Rewrite/restructure all of the parsing functions to be easier to understand and have less code paths doing the same as another. (#109)
  • Simplify the buffer allocation strategy to always doubling the needed amount (9f6fa94c91)
  • Combined cJSON_AddItemToObject and cJSON_AddItemToObjectCS to one function (cf862d0fed)

Other changes

  • Prevent the usage of incompatible C and header versions via preprocessor directive (123bb1af7b)
  • Let CMake automatically detect compiler flags
  • Add new compiler flags (-Wundef, -Wswitch-default, -Wconversion, -fstack-protector-strong) (#98)
  • Change internal sizes from int to size_t (ecd5678527)
  • Change internal strings from char* to unsigned char* (28b9ba4334)
  • Add const in more places

1.2.1

Fixes:

  • Fixes a potential null pointer dereference in cJSON_Utils, discovered using clang's static analyzer by @bnason-nf (#96)

1.2.0

Features:

  • Add a new type of cJSON item for raw JSON and support printing it. Thanks @loigu (#65, #90)

Fixes:

  • Compiler warning if const is casted away, Thanks @gatzka (#83)
  • Fix compile error with strict-overflow on PowerPC, (#85)
  • Fix typo in the README, thanks @MicroJoe (#88)
  • Add compile flag for compatibility with C++ compilers

1.1.0

  • Add a function cJSON_PrintPreallocated to print to a preallocated buffer, thanks @ChisholmKyle (#72)
  • More compiler warnings when using Clang or GCC, thanks @gatzka (#75, #78)
  • fixed a memory leak in cJSON_Duplicate, thanks @alperakcan (#81)
  • fix the ENABLE_CUSTOM_COMPILER_FLAGS cmake option

1.0.2

Rename internal boolean type, see #71.

1.0.1

Small bugfix release.

  • Fixes a bug with the use of the cJSON structs type in cJSON_Utils, see d47339e274
  • improve code readability
  • initialize all variables

1.0.0

This is the first official versioned release of cJSON. It provides an API version for the shared library and improved Makefile and CMake build files.