Fix CVE-2020-12762.

This commit is a squashed backport of the following commits on the master branch: * 099016b7e8 * 77d935b7ae * d07b910149 * 519dfe1591 * a59d5acfab
2026-03-29 09:59:06 +08:00 · 2020-05-14 12:32:30 +02:00
parent 0daf8dc826
commit 865b5a6519
5 changed files with 74 additions and 21 deletions
--- a/tests/test4.c
+++ b/tests/test4.c
@@ -2,9 +2,11 @@
 * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
 */

-#include <stdio.h>
-#include <string.h>
 #include "config.h"
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>

 #include "json_inttypes.h"
 #include "json_object.h"
@@ -24,6 +26,29 @@ void print_hex(const char* s)
 	putchar('\n');
 }

+static void test_lot_of_adds(void);
+static void test_lot_of_adds()
+{
+	int ii;
+	char key[50];
+	json_object *jobj = json_object_new_object();
+	assert(jobj != NULL);
+	for (ii = 0; ii < 500; ii++)
+	{
+		snprintf(key, sizeof(key), "k%d", ii);
+		json_object *iobj = json_object_new_int(ii);
+		assert(iobj != NULL);
+		if (json_object_object_add(jobj, key, iobj))
+		{
+			fprintf(stderr, "FAILED to add object #%d\n", ii);
+			abort();
+		}
+	}
+	printf("%s\n", json_object_to_json_string(jobj));
+	assert(json_object_object_length(jobj) == 500);
+	json_object_put(jobj);
+}
+
 int main(void)
 {
 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
@@ -49,5 +74,8 @@ int main(void)
 		retval = 1;
 	}
 	json_object_put(parse_result);
+
+	test_lot_of_adds();
+
 	return retval;
 }
--- a/tests/test4.expected
+++ b/tests/test4.expected