Systems without vasprintf fall back to implementation in header file
vasprintf_compat.h. This version could run into heap overflow issues
with very long arguments or formats provoking a lot of output.
The vsnprintf function returns a negative value if more than INT_MAX
characters would be written since its int return type could not
handle this (and %n couldn't handle it either).
Before testing for a possible error value the additional char for
\0 is already added. A -1 error code would not be detected.
Increment only after implicitly casting to an unsigned value to avoid
signed integer overflow if INT_MAX has been returned.
Use va_copy to duplicate the original ap argument for multiple uses
on non-WIN32 systems. At least with glibc the test suite would fail
because the arguments are not reset after leaving the vsnprintf call.
Removed support for apparently very old glibc versions which do not
comply with vsnprintf standard descriptions. It breaks support for
modern ones which are not forced to return -1 in case of error. The
standard specifies merely "a negative value".
How to reproduce:
- Use a system without vasprintf
- Alternatively remove -D_GNU_SOURCE from CMakeLists.txt
- Compile and run:
#include "json.h"
int main(void) {
struct printbuf *pb = printbuf_new();
sprintbuf(pb, "prefix %2147483647s", "*");
printbuf_free(pb);
return 0;
}
The file was only be closed when there was no error and
was being left open when there was an error. By moving
the close(fd) statement out of the if-clause, the file
can be close regardless if there is an error or not.
After the file is closed, it can be checked for errors.
This makes Coverity Scan happier since it believes that the initial
check ``if (!src->_userdata && !src->_user_delete)`` could mean that
src->_user_data may be nullptr.
Current behaviour is perfectly valid, since wrap-over upon overflow is
well defined behaviour for unsigned types, but it is nevertheless nice to be
able to build with -fsanitize=undefined,unsigned-integer-overflow
There is no significant effect on the generated assembly as can be seen
on the diff of objdump -d output on a optimized build (the compiler
just decided to switch the order of a comparison):
@@ -135,8 +135,8 @@
1d0: 0f 84 70 ff ff ff je 146 <json_escape_str+0x146>
1d6: 4c 3b 24 24 cmp (%rsp),%r12
1da: 0f 85 2d ff ff ff jne 10d <json_escape_str+0x10d>
- 1e0: 49 39 f4 cmp %rsi,%r12
- 1e3: 0f 87 b7 00 00 00 ja 2a0 <json_escape_str+0x2a0>
+ 1e0: 4c 39 e6 cmp %r12,%rsi
+ 1e3: 0f 82 b7 00 00 00 jb 2a0 <json_escape_str+0x2a0>
1e9: 48 8b 44 24 18 mov 0x18(%rsp),%rax
1ee: 64 48 33 04 25 28 00 xor %fs:0x28,%rax
1f5: 00 00
This change introduces JSON_C_OBJECT_ADD_CONSTANT_KEY
as a replacement of JSON_C_OBJECT_KEY_IS_CONSTANT.
The description of json_object_object_add_ex tells to
look at the flags JSON_C_OBJECT_ADD_* but it is not
for JSON_C_OBJECT_KEY_IS_CONSTANT.
From the point of vue of a developper using json-c,
the function json_object_object_add_ex is mainly used,
not the hash facility, it seems more natural to provide
a regular naming of prefix JSON_C_OBJECT_ADD_CONSTANT_KEY.
The failure path taken in the event of printbuf_new() returning NULL
calls free() on tok->stack after already having freed tok. Swap the
order of the two calls to fix an obvious memory access violation.
Fixes: bcb6d7d347 ("Handle allocation failure in json_tokener_new_ex")
Signed-off-by: Juuso Alasuutari <juuso.alasuutari@gmail.com>
This is to fix the behavior that might've changed between older versions of clang-format, I'm not sure.
Version 10 tries to put the bracket on the same line as case without this.
