mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-03-24 07:29:07 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix an uninitialized memory access in json_pointer.

Browse Source 
Add comments describing when the fields of the internal struct json_pointer_get_result are valid.
This commit is contained in:
Eric Hawicz
2023-07-26 18:15:07 -04:00
parent efc530594b
commit a14a3a680c
3 changed files with 16 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
json_patch.c
View File

@@ -49,9 +49,9 @@ static int json_patch_apply_test(struct json_object **res,
static int __json_patch_apply_remove(struct json_pointer_get_result *jpres)
{
if (json_object_is_type(jpres->parent, json_type_array)) {
return json_object_array_del_idx(jpres->parent, jpres->id.index, 1);
} else if (jpres->parent && jpres->id.key) {
json_object_object_del(jpres->parent, jpres->id.key);
return json_object_array_del_idx(jpres->parent, jpres->index_in_parent, 1);
} else if (jpres->parent && jpres->key_in_parent) {
json_object_object_del(jpres->parent, jpres->key_in_parent);
return 0;
} else {
return json_object_put(jpres->obj);

17
json_pointer.c
View File

@@ -190,9 +190,9 @@ static int json_pointer_result_get_recursive(struct json_object *obj, char *path
res->parent = parent_obj;
res->obj = obj;
if (json_object_is_type(res->parent, json_type_array))
res->id.index = idx;
res->index_in_parent = idx;
else
res->id.key = path;
res->key_in_parent = path;
}
return 0;
@@ -228,11 +228,10 @@ int json_pointer_get_internal(struct json_object *obj, const char *path,
if (path[0] == '\0')
{
if (res) {
res->parent = NULL;
res->obj = obj;
}
res->id.key = NULL;
res->parent = NULL;
res->obj = obj;
res->key_in_parent = NULL;
res->index_in_parent = -1;
return 0;
}
@@ -244,8 +243,8 @@ int json_pointer_get_internal(struct json_object *obj, const char *path,
}
rc = json_pointer_result_get_recursive(obj, path_copy, res);
/* re-map the path string to the const-path string */
if (rc == 0 && res->id.key && !json_object_is_type(res->parent, json_type_array))
res->id.key = path + (res->id.key - path_copy);
if (rc == 0 && json_object_is_type(res->parent, json_type_object) && res->key_in_parent)
res->key_in_parent = path + (res->key_in_parent - path_copy);
free(path_copy);
return rc;

9
json_pointer_private.h
View File

@@ -19,10 +19,11 @@ extern "C" {
struct json_pointer_get_result {
struct json_object *parent;
struct json_object *obj;
union {
const char *key;
uint32_t index;
} id;
// The key of the found object; only valid when parent is json_type_object
// Caution: re-uses tail end of the `path` argument to json_pointer_get_internal
const char *key_in_parent;
// the index of the found object; only valid when parent is json_type_array
uint32_t index_in_parent;
};
int json_pointer_get_internal(struct json_object *obj, const char *path,