mirror/json-c
1
0
Fork 0
mirror of https://github.com/json-c/json-c.git synced 2026-03-13 18:19:06 +08:00
Code Issues Packages Projects Releases Wiki Activity
312 Commits 14 Branches 11 Tags
5ec26015b8d2eba22989a8f83537d0c9a9f760fe
Commit Graph

312 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Eric Haszlakiewicz
5ec26015b8 Add doxygen-generated docs for the 0.12 release. json-c-0.12-20140410 2014-04-10 22:35:45 -04:00
Eric Haszlakiewicz
3c94cdd1af Bump the version numbers for the 0.12 release. 2014-04-10 22:03:03 -04:00
Eric Haszlakiewicz
b623741e3d Add automake/autoconf generated files for the 0.12 release. 2014-04-10 22:02:36 -04:00
Eric Haszlakiewicz
f84d9c55db Update the ChangeLog with the changes for the 0.12 release. 
Bump the version in the release checklist.
 2014-04-10 21:07:20 -04:00
Michael Clark
64e36901a0 Patch to address the following issues: 
* CVE-2013-6371: hash collision denial of service
* CVE-2013-6370: buffer overflow if size_t is larger than int
 2014-04-09 13:48:21 +08:00
Eric Haszlakiewicz
784534a31f Eliminate the deprecated mc_abort() function and MC_ABORT macro. 2014-03-22 21:48:34 -04:00
Eric Haszlakiewicz
f9136f6852 Make the json_tokener_errors array local. It has been deprecated for a while, and json_tokener_error_desc() should be used instead. 2014-03-22 21:41:24 -04:00
Eric Haszlakiewicz
936d036ea3 Simplify the tests Makefile to avoid repeating the name of each test. 2014-03-22 21:40:37 -04:00
Eric Haszlakiewicz
e2bbb5664c Rename the "test_case" test to "test_charcase" to make it slightly less confusing. 2014-03-22 21:15:41 -04:00
Eric Haszlakiewicz
9f26d96f09 Fix warnings from autoconf about "...no AC_LANG_SOURCE call detected..." by adding that call within the AC_LINK_IFELSE call. 2014-03-22 19:15:01 -04:00
Eric Haszlakiewicz
05da316b9c Issue #103: allow Infinity and -Infinity to be parsed. 2014-03-22 17:28:40 -04:00
Eric Haszlakiewicz
217bc29352 Merge pull request #123 from fingon/use-NAN-if-available 
nan function requires -lm on some platforms - use of NAN is better, if available
 2014-03-22 13:39:36 -04:00
Markus Stenberg
a1c8991e13 nan function requires -lm on some platforms; use of NAN is better, if available. 2014-03-18 16:29:49 +02:00
Eric Haszlakiewicz
0eedf3802f Issue#102 - add support for parsing "NaN". 2014-03-09 16:41:33 -04:00
Eric Haszlakiewicz
e6f1322b5e Issue#114: check for the presence of isnan and isinf, and provide compat macros on MSCV where _isnan and _finite exist instead. 2014-03-02 12:16:37 -05:00
Eric Haszlakiewicz
db117ca02b Merge pull request #121 from TazeTSchnitzel/LowercaseLiterals 
Missing lowercase literals test
 2014-02-12 13:37:17 -05:00
Andrea Faulds
cf23e7506e Merge branch 'master' into LowercaseLiterals 2014-02-12 09:52:25 +00:00
Andrea Faulds
1d6f9140ba Missing tests 2014-02-12 09:51:51 +00:00
Eric Haszlakiewicz
4c086dfff7 Merge commit '89535bb' 2014-02-11 23:57:24 -05:00
Eric Haszlakiewicz
020fa65724 Merge pull request #112 from TazeTSchnitzel/LowercaseLiterals 
Only allow lowercase literals in STRICT mode
 2014-02-11 23:21:50 -05:00
Eric Haszlakiewicz
56df93d128 Fix Issue #111: Fix off-by-one error when range checking the input to json_tokener_error_desc(). 2014-02-11 23:16:53 -05:00
Eric Haszlakiewicz
ceeaf42bc8 Merge pull request #109 from kdopen/use_strtod 
Avoid potential overflow in json_object_get_double
 2014-02-11 23:13:19 -05:00
Eric Haszlakiewicz
b821f0e10f Merge branch 'ebassi-master' 2014-02-11 23:06:19 -05:00
Eric Haszlakiewicz
c8e0497d47 Merge branch 'master' of https://github.com/ebassi/json-c into ebassi-master 
Conflicts:
	Makefile.am
 2014-02-11 23:05:54 -05:00
Eric Haszlakiewicz
295bea21d0 Ignore and cleanup a few more files that automake creates. 2014-02-11 23:03:46 -05:00
Eric Haszlakiewicz
a2c078fc6e Issue#105: Rename configure.in to configure.ac 2014-02-11 22:55:52 -05:00
Eric Haszlakiewicz
c8ee919642 Remove the old libjson.so name compatibility support. The library is only created as libjson-c.so now and headers are only installed into the ${prefix}/json-c directory. 2014-02-11 22:49:59 -05:00
Ross Burton
89535bb1ff build: call AM_PROG_CC_C_O as requested by autoreconf 2013-11-18 16:25:14 +00:00
Andrea Faulds
bda0540cb9 Only allow lowercase literals in STRICT mode 2013-11-14 21:13:32 +00:00
Keith Derrick
c51b88d69a Avoid potential overflow in json_object_get_double 
sscanf is always a potential problem when converting numeric
values as it does not correctly handle over- and underflow
(or at least gives no indication that it has done so).

This change converts json_object_get_double() to use strtod()
according to CERT guidelines.
 2013-10-01 10:17:00 -07:00
Emmanuele Bassi
311686f63e Add a check for the -Bsymbolic-functions linker flag 
The -Bsymbolic-functions linker flag reduces the amount of PLT jumps in
a shared object, and has a side effect of preventing symbol collisions
in libraries and applications linking against two different shared
objects exposing the same symbol.

While the former is (generally) a performance win, the latter is less
rare than expected. For instance, PulseAudio started linking against
json-c a while ago; now, every project linking against PulseAudio is
leaking json-c symbols. In the GNOME platform, this means that projects
linking against PulseAudio cannot be safely linked against other
libraries depending on the GLib-based JSON parsing libraries JSON-GLib,
because of a symbol conflict. Nominally, this conflict would not be an
issue: libraries and applications do not need to depend on two different
JSON parsing libraries; the symbol leakage, though, ends up causing
either segmentation faults, or weird errors. For further reference,
please see: https://bugzilla.gnome.org/show_bug.cgi?id=703734

JSON-GLib already switched to using -Bsymbolic-functions, but it would
be safe if json-c did the same, wherever the linker flag is available.
 2013-09-17 13:08:14 +01:00
Eric Haszlakiewicz
06450206c4 Issue #59: change the floating point output format to %.17g so values with more than 6 digits show up in the output. 2013-09-11 21:09:43 -05:00
Eric Haszlakiewicz
a23caf677c Use sizeof instead of hard coded values when calling snprintf. 2013-09-11 20:28:56 -05:00
Eric Haszlakiewicz
51993c28c2 Added a json_object_new_double_s() convenience function to allow an exact string representation of a double to be specified when creating the object and use it in json_tokener_parse_ex() so a re-serialized object more exactly matches the input. 
Add json_object_free_userdata() and json_object_userdata_to_json_string() too.
 2013-09-11 20:27:39 -05:00
Eric Haszlakiewicz
b83e0f1182 Ignore the test-driver script that is now created, and the script for the test_locale test. 2013-09-08 17:30:54 -05:00
Eric Haszlakiewicz
60e4990d1d The updated test driver creates .log and .trs files; ignore them. 2013-09-08 17:23:24 -05:00
Eric Haszlakiewicz
8d18815f8a strndup is gone, remove it from the README file. 2013-09-08 17:21:52 -05:00
Eric Haszlakiewicz
b939bd3768 Merge pull request #97 from pascal-bach/master 
Add const qualifiers to json_object_to_file and json_object_to_file_ext
 2013-09-08 13:36:40 -07:00
Eric Haszlakiewicz
ef43fe3571 Merge pull request #96 from rouault/remove_strdnup 
Remove redefinition of strndup() which is no longer used in the codebase
 2013-09-08 13:35:28 -07:00
Eric Haszlakiewicz
a030120c55 Merge pull request #95 from rouault/extern_json_object_set_serializer 
Add extern to json_object_set_serializer so that it gets exported (Windows fix)
 2013-09-08 13:33:22 -07:00
Eric Haszlakiewicz
02aa6f01f4 Merge pull request #94 from remicollet/issue-strict2 
more strictness
 2013-09-08 13:29:05 -07:00
Eric Haszlakiewicz
8356ecc16b Merge pull request #93 from tmielika/master 
fixing problem that isinf(-Inf) can be 1 or -1
 2013-09-08 13:26:56 -07:00
Eric Haszlakiewicz
bd42b8310d Merge pull request #104 from rouault/fix_json_tokener_error_desc_out_of_bounds_read 
Fix potential out-of-bounds read in json_tokener_error_desc
 2013-09-08 13:20:08 -07:00
Even Rouault
86dd55a74a Fix potential out-of-bounds read in json_tokener_error_desc 
Found by Coverity. The number of elements of an array 'ar' is found by
sizeof(ar)/sizeof(ar[0]) and not sizeof(ar)

76const char *json_tokener_error_desc(enum json_tokener_error jerr)
 77{
 78        int jerr_int = (int)jerr;

1. Condition "jerr_int < 0", taking false branch

2. Condition "jerr_int > 112 /* (int)sizeof (gdal_json_tokener_errors) */", taking false branch
 79        if (jerr_int < 0 || jerr_int > (int)sizeof(json_tokener_errors))
 80                return "Unknown error, invalid json_tokener_error value passed to json_tokener_error_desc()";

CID 1076806 (#1 of 1): Out-of-bounds read (OVERRUN)3. overrun-local: Overrunning array "gdal_json_tokener_errors" of 14 8-byte elements at element index 112 (byte offset 896) using index "jerr" (which evaluates to 112).
 81        return json_tokener_errors[jerr];
 82}
 2013-09-08 11:31:38 +02:00
Remi Collet
4039f91cab trailing char not allowed in strict mode 2013-08-23 13:40:01 +02:00
Remi Collet
87fa32dfe0 no comment in strict mode 2013-08-21 15:41:40 +02:00
Pascal Bach
20e4708c8a Update json_util 
filename should be passed as const char* to functions
json_object_to_file and json_object_to_file
 2013-08-13 18:27:02 +02:00
Even Rouault
1a957c2edc Remove redefinition of strndup() which is no longer used in the codebase 2013-08-12 20:49:19 +02:00
Even Rouault
6c4bb3840c Add extern to json_object_set_serializer so that it gets exported (Windows fix) 2013-08-11 01:18:17 +02:00
Remi Collet
a07ef3d197 no single-quote string in strict mode 2013-08-06 10:41:14 +02:00