cJSON

mirror of Dave's cJSON
git clone git://git.thc420.xyz/cJSON

commit 94117a5d239bd7686b485e2f820e79a522f0fd19
parent c3bd4463bed961340bf736da5b1b3eeac453160d
Author: Max Bruckner <max@maxbruckner.de>
Date:   Wed, 15 Feb 2017 15:37:38 +0100

Fix #105, double free when parse_string fails

This fixes a double free that happens when calling cJSON_Delete on an
item that has been used by parse_string and it failed parsing the
string.

The double free happens because parse_string frees an alias of
item->valuestring, but doesn't set item->valuestring to NULL.

Diffstat:
M cJSON.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/cJSON.c b/cJSON.c @@ -468,7 +468,6 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str, { goto fail; } - item->valuestring = (char*)out; /* assign here so out will be deleted during cJSON_Delete() later */ item->type = cJSON_String; ptr = str + 1; @@ -608,6 +607,8 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str, ptr++; } + item->valuestring = (char*)out; + return ptr; fail:
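Review bot: In the first hunk, `item->type = cJSON_String;` is still assigned directly after the allocation check, before any of the string content has been parsed, so with the early `valuestring` assignment removed a failed parse leaves the item typed as a string without a value attached by this function. Consider moving the type assignment down next to the new `item->valuestring = (char*)out;` just before `return ptr;`, so the item is only modified on the success path.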
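Review bot: The new `item->valuestring = (char*)out;` before `return ptr;` in the second hunk loses the ownership comment that the removed line carried. A short comment saying that `out` is handed to the item only on success, and that the `fail:` path remains the only place that releases it otherwise, would help keep a later edit from reintroducing the alias. The diffstat shows only cJSON.c changed, so a regression test that makes parse_string fail and then calls cJSON_Delete on the item would be worth adding alongside the fix.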