pool/cJSON
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main
..
compare: pool:factory
Branches Tags
pool:factory pool:slfo-1.2 pool:slfo-main

4 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
d36283aba8 Accepting request 1307970 from devel:libraries:c_c++ 
OBS-URL: https://build.opensuse.org/request/show/1307970
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cJSON?expand=0&rev=9
 2025-09-30 15:38:56 +00:00
Martin Hauke
db47cf2b8f Add bug references for fixed CVEs 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/cJSON?expand=0&rev=19
 2025-09-29 19:18:26 +00:00
Ana Guerrero
c2cfd04016 Accepting request 1307519 from devel:libraries:c_c++ 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1307519
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cJSON?expand=0&rev=8
 2025-09-29 14:32:19 +00:00
Martin Hauke
5248c5c046 Accepting request 1306189 from home:mnhauke 
- Update to version 1.7.19
  * Check for NULL in cJSON_DetachItemViaPointer.
  * Check overlap before calling strcpy in cJSON_SetValuestring.
  * Fix Max recursion depth for cJSON_Duplicate to prevent stack
    exhaustion.
  * Allocate memory for the temporary buffer when paring numbers.
    This fixes CVE-2023-26819.
  * Fix the incorrect check in decode_array_index_from_pointer.
    This fixes CVE-2025-57052
- Remove not longer needed patch:
  * cJSON-1.7.18-misc_tests.patch

OBS-URL: https://build.opensuse.org/request/show/1306189
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/cJSON?expand=0&rev=17
 2025-09-22 09:11:52 +00:00
5 changed files with 22 additions and 71 deletions
Expand all files Collapse all files

60
cJSON-1.7.18-misc_tests.patch
View File

@@ -1,60 +0,0 @@
From 5b502cdbfb21fbe5f6cf9ffbd2b96e4281a741e6 Mon Sep 17 00:00:00 2001
From: Alanscut <wp_scut@163.com>
Date: Thu, 9 May 2024 10:45:16 +0800
Subject: [PATCH] feat: add tests for #842
Add some tests for setting NULL to deallocated pointers
releated to #842 and #833
---
tests/CMakeLists.txt | 1 +
tests/misc_tests.c | 18 ++++++++++++++++++
2 files changed, 19 insertions(+)
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index c7592213..9e8962f6 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -62,6 +62,7 @@ if(ENABLE_CJSON_TEST)
option(ENABLE_VALGRIND OFF "Enable the valgrind memory checker for the tests.")
if (ENABLE_VALGRIND)
+ add_compile_definitions(ENABLE_VALGRIND)
find_program(MEMORYCHECK_COMMAND valgrind)
if ("${MEMORYCHECK_COMMAND}" MATCHES "MEMORYCHECK_COMMAND-NOTFOUND")
message(WARNING "Valgrind couldn't be found.")
diff --git a/tests/misc_tests.c b/tests/misc_tests.c
index ba3e003e..94dd91aa 100644
--- a/tests/misc_tests.c
+++ b/tests/misc_tests.c
@@ -732,6 +732,23 @@ static void cjson_set_bool_value_must_not_break_objects(void)
cJSON_Delete(sobj);
}
+static void deallocated_pointers_should_be_set_to_null(void)
+{
+ /* deallocated pointers should be set to null */
+ /* however, valgrind on linux reports when attempting to access a freed memory, we have to skip it */
+#ifndef ENABLE_VALGRIND
+ cJSON *string = cJSON_CreateString("item");
+ cJSON *root = cJSON_CreateObject();
+
+ cJSON_Delete(string);
+ free(string->valuestring);
+
+ cJSON_AddObjectToObject(root, "object");
+ cJSON_Delete(root->child);
+ free(root->child->string);
+#endif
+}
+
int CJSON_CDECL main(void)
{
UNITY_BEGIN();
@@ -762,6 +779,7 @@ int CJSON_CDECL main(void)
RUN_TEST(cjson_delete_item_from_array_should_not_broken_list_structure);
RUN_TEST(cjson_set_valuestring_to_object_should_not_leak_memory);
RUN_TEST(cjson_set_bool_value_must_not_break_objects);
+ RUN_TEST(deallocated_pointers_should_be_set_to_null);
return UNITY_END();
}

BIN
cJSON-1.7.18.tar.gz LFS
View File

Binary file not shown.

3
cJSON-1.7.19.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7fa616e3046edfa7a28a32d5f9eacfd23f92900fe1f8ccd988c1662f30454562
size 356247

15
cJSON.changes
View File

@@ -1,3 +1,18 @@
-------------------------------------------------------------------
Sun Sep 21 04:50:28 UTC 2025 - Martin Hauke <mardnh@gmx.de>
- Update to version 1.7.19
* Check for NULL in cJSON_DetachItemViaPointer.
* Check overlap before calling strcpy in cJSON_SetValuestring.
* Fix Max recursion depth for cJSON_Duplicate to prevent stack
exhaustion.
* Allocate memory for the temporary buffer when paring numbers.
This fixes CVE-2023-26819 (bsc#1241502).
* Fix the incorrect check in decode_array_index_from_pointer.
This fixes CVE-2025-57052 (bsc#1249112)
- Remove not longer needed patch:
* cJSON-1.7.18-misc_tests.patch
-------------------------------------------------------------------
Wed Jun 5 16:34:08 UTC 2024 - Dirk Müller <dmueller@suse.com>

12
cJSON.spec
View File

@@ -1,8 +1,8 @@
#
# spec file for package cJSON
#
# Copyright (c) 2024 SUSE LLC
# Copyright (c) 2020-2023, Martin Hauke <mardnh@gmx.de>
# Copyright (c) 2025 SUSE LLC and contributors
# Copyright (c) 2020-2025, Martin Hauke <mardnh@gmx.de>
# Copyright (c) 2024 Andreas Stieger <Andreas.Stieger@gmx.de>
#
# All modifications and additions to the file contributed by third parties
@@ -21,7 +21,7 @@
%global sover 1
%global libname libcjson%{sover}
Name: cJSON
Version: 1.7.18
Version: 1.7.19
Release: 0
Summary: JSON parser library written in ANSI C
License: MIT
@@ -29,7 +29,6 @@ Group: System/Libraries
URL: https://github.com/DaveGamble/cJSON
Source: https://github.com/DaveGamble/cJSON/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Patch0: cJSON-fix-cmake-include-path.patch
Patch1: cJSON-1.7.18-misc_tests.patch
BuildRequires: cmake
BuildRequires: pkgconfig
@@ -55,10 +54,7 @@ This subpackage contains libraries and header files for developing
applications that want to make use of libcjson.
%prep
%setup -q
# test is doing an access of freed memory which is undefined and glibc
# is poisioning our memory so it's failing
%patch -P1 -p1 -R
%autosetup -p1
%build
%cmake