mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-04-09 07:19:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix use-after-free in json_tokener_new_ex()

Browse Source 
The failure path taken in the event of printbuf_new() returning NULL
calls free() on tok->stack after already having freed tok. Swap the
order of the two calls to fix an obvious memory access violation.

Fixes: bcb6d7d347 ("Handle allocation failure in json_tokener_new_ex")
Signed-off-by: Juuso Alasuutari <juuso.alasuutari@gmail.com>
This commit is contained in:
Juuso Alasuutari
2021-09-04 20:14:30 +03:00
parent dc1ef7d566
commit 9361d8d3a8
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
json_tokener.c
View File

@@ -164,8 +164,8 @@ struct json_tokener *json_tokener_new_ex(int depth)
tok->pb = printbuf_new(); tok->pb = printbuf_new();
if (!tok->pb) if (!tok->pb)
{ {
free(tok);
free(tok->stack); free(tok->stack);
free(tok);
return NULL; return NULL;
} }
tok->max_depth = depth; tok->max_depth = depth;