Fix CVE-2020-12762.

This commit is a squashed and slightly modified backport of the following commits on the master branch: * 77d935b * d07b910 * 519dfe1 * a59d5ac
2026-03-28 17:39:07 +08:00 · 2020-05-15 20:38:40 +02:00
parent 97ef11033a
commit d706c0bc93
4 changed files with 60 additions and 4 deletions
--- a/tests/test4.c
+++ b/tests/test4.c
@@ -2,9 +2,11 @@
 * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
 */

-#include <stdio.h>
-#include <string.h>
 #include "config.h"
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>

 #include "json_inttypes.h"
 #include "json_object.h"
@@ -24,6 +26,30 @@ void print_hex( const char* s)
 	printf("\n");
 }

+static void test_lot_of_adds(void);
+static void test_lot_of_adds()
+{
+	int ii;
+	char key[50];
+	json_object *jobj = json_object_new_object();
+	assert(jobj != NULL);
+	for (ii = 0; ii < 500; ii++)
+	{
+		snprintf(key, sizeof(key), "k%d", ii);
+		json_object *iobj = json_object_new_int(ii);
+		assert(iobj != NULL);
+		json_object_object_add(jobj, key, iobj);
+		if (json_object_object_get_ex(jobj, key, &iobj) == FALSE)
+		{
+			fprintf(stderr, "FAILED to add object #%d\n", ii);
+			abort();
+		}
+	}
+	printf("%s\n", json_object_to_json_string(jobj));
+	assert(json_object_object_length(jobj) == 500);
+	json_object_put(jobj);
+}
+
 int main()
 {
 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
@@ -49,5 +75,8 @@ int main()
 		retval = 1;
 	}
 	json_object_put(parse_result);
+
+	test_lot_of_adds();
+
 	return retval;
 }
--- a/tests/test4.expected
+++ b/tests/test4.expected