Merge pull request #625 from besser82/topic/besser82/json-c-0.13/rdrand_fixes

json-c-0.13.x: Detect broken RDRAND during initialization.

CMakeLists.txt

@@ -1,8 +1,21 @@
 #Licensed under the MIT license. See LICENSE file in the project root for full license information.
 
 cmake_minimum_required(VERSION 2.8.7)
-cmake_policy(SET CMP0048 NEW)
-project(json-c VERSION 0.13.1)
+if(POLICY CMP0048)
+	cmake_policy(SET CMP0048 NEW)
+endif()
+
+# JSON-C library is C only project.
+if (CMAKE_VERSION VERSION_LESS 3.0)
+	project(json-c)
+	set(PROJECT_VERSION_MAJOR "0")
+	set(PROJECT_VERSION_MINOR "13")
+	set(PROJECT_VERSION_PATCH "1")
+	set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")
+else()
+	project(json-c LANGUAGES C VERSION 0.13.1)
+endif()
+
 
 
 include(CheckSymbolExists)
@@ -66,6 +79,7 @@ set(JSON_C_PUBLIC_HEADERS
     ./json_c_version.h
     ./json_inttypes.h
     ./json_object.h
+    ./json_object_iterator.h
     ./json_pointer.h
     ./json_tokener.h
     ./json_util.h

arraylist.c

@@ -135,6 +135,9 @@ array_list_del_idx( struct array_list *arr, size_t idx, size_t count )
 {
 	size_t i, stop;
 
+	/* Avoid overflow in calculation with large indices. */
+	if (idx > SIZE_T_MAX - count)
+		return -1;
 	stop = idx + count;
 	if ( idx >= arr->length || stop > arr->length ) return -1;
 	for ( i = idx; i < stop; ++i ) {

linkhash.c

@@ -12,12 +12,13 @@
 
 #include "config.h"
 
-#include <stdio.h>
-#include <string.h>
-#include <stdlib.h>
+#include <assert.h>
+#include <limits.h>
 #include <stdarg.h>
 #include <stddef.h>
-#include <limits.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
 
 #ifdef HAVE_ENDIAN_H
 # include <endian.h>    /* attempt to define endianness */
@@ -28,8 +29,8 @@
 # include <windows.h>   /* Get InterlockedCompareExchange */
 #endif
 
-#include "random_seed.h"
 #include "linkhash.h"
+#include "random_seed.h"
 
 /* hash functions */
 static unsigned long lh_char_hash(const void *k);
@@ -498,7 +499,9 @@ struct lh_table* lh_table_new(int size,
 	int i;
 	struct lh_table *t;
 
-	t = (struct lh_table*)calloc(1, sizeof(struct lh_table));
+	/* Allocate space for elements to avoid divisions by zero. */
+	assert(size > 0);
+	t = (struct lh_table *)calloc(1, sizeof(struct lh_table));
 	if (!t)
 		return NULL;
 
@@ -577,8 +580,12 @@ int lh_table_insert_w_hash(struct lh_table *t, const void *k, const void *v, con
 	unsigned long n;
 
 	if (t->count >= t->size * LH_LOAD_FACTOR)
-		if (lh_table_resize(t, t->size * 2) != 0)
+	{
+		/* Avoid signed integer overflow with large tables. */
+		int new_size = (t->size > INT_MAX / 2) ? INT_MAX : (t->size * 2);
+		if (t->size == INT_MAX || lh_table_resize(t, new_size) != 0)
 			return -1;
+	}
 
 	n = h % t->size;
 

linkhash.h

@@ -348,11 +348,11 @@ int lh_table_resize(struct lh_table *t, int new_size);
 /**
  * @deprecated Don't use this outside of linkhash.h:
  */
-#if !defined(_MSC_VER) || (_MSC_VER > 1800)
+#if (defined(AIX_CC) || (defined(_MSC_VER) && (_MSC_VER <= 1800)) )
 /* VS2010 can't handle inline funcs, so skip it there */
-#define _LH_INLINE inline
-#else
 #define _LH_INLINE
+#else
+#define _LH_INLINE inline
 #endif
 
 /**

printbuf.c

@@ -15,6 +15,7 @@
 
 #include "config.h"
 
+#include <limits.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -64,10 +65,16 @@ static int printbuf_extend(struct printbuf *p, int min_size)
 
 	if (p->size >= min_size)
 		return 0;
-
-	new_size = p->size * 2;
-	if (new_size < min_size + 8)
-		new_size =  min_size + 8;
+	/* Prevent signed integer overflows with large buffers. */
+	if (min_size > INT_MAX - 8)
+		return -1;
+	if (p->size > INT_MAX / 2)
+		new_size = min_size + 8;
+	else {
+		new_size = p->size * 2;
+		if (new_size < min_size + 8)
+			new_size = min_size + 8;
+	}
 #ifdef PRINTBUF_DEBUG
 	MC_DEBUG("printbuf_memappend: realloc "
 	  "bpos=%d min_size=%d old_size=%d new_size=%d\n",
@@ -82,14 +89,18 @@ static int printbuf_extend(struct printbuf *p, int min_size)
 
 int printbuf_memappend(struct printbuf *p, const char *buf, int size)
 {
-  if (p->size <= p->bpos + size + 1) {
-    if (printbuf_extend(p, p->bpos + size + 1) < 0)
-      return -1;
-  }
-  memcpy(p->buf + p->bpos, buf, size);
-  p->bpos += size;
-  p->buf[p->bpos]= '\0';
-  return size;
+	/* Prevent signed integer overflows with large buffers. */
+	if (size > INT_MAX - p->bpos - 1)
+		return -1;
+	if (p->size <= p->bpos + size + 1)
+	{
+		if (printbuf_extend(p, p->bpos + size + 1) < 0)
+			return -1;
+	}
+	memcpy(p->buf + p->bpos, buf, size);
+	p->bpos += size;
+	p->buf[p->bpos] = '\0';
+	return size;
 }
 
 int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
@@ -98,6 +109,9 @@ int printbuf_memset(struct printbuf *pb, int offset, int charvalue, int len)
 
 	if (offset == -1)
 		offset = pb->bpos;
+	/* Prevent signed integer overflows with large buffers. */
+	if (len > INT_MAX - offset)
+		return -1;
 	size_needed = offset + len;
 	if (pb->size < size_needed)
 	{

random_seed.c

@@ -26,20 +26,11 @@
 
 static void do_cpuid(int regs[], int h)
 {
-    __asm__ __volatile__(
-#if defined __x86_64__
-                         "pushq %%rbx;\n"
-#else
-                         "pushl %%ebx;\n"
-#endif
-                         "cpuid;\n"
-#if defined __x86_64__
-                         "popq %%rbx;\n"
-#else
-                         "popl %%ebx;\n"
-#endif
-                         : "=a"(regs[0]), [ebx] "=r"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
+	/* clang-format off */
+    __asm__ __volatile__("cpuid"
+                         : "=a"(regs[0]), "=b"(regs[1]), "=c"(regs[2]), "=d"(regs[3])
                          : "a"(h));
+	/* clang-format on */
 }
 
 #elif defined _MSC_VER
@@ -53,12 +44,51 @@ static void do_cpuid(int regs[], int h)
 
 #if HAS_X86_CPUID
 
-static int has_rdrand()
+static int get_rdrand_seed(void);
+
+/* Valid values are -1 (haven't tested), 0 (no), and 1 (yes). */
+static int _has_rdrand = -1;
+
+static int has_rdrand(void)
 {
-    // CPUID.01H:ECX.RDRAND[bit 30] == 1
-    int regs[4];
-    do_cpuid(regs, 1);
-    return (regs[2] & (1 << 30)) != 0;
+	if (_has_rdrand != -1)
+	{
+		return _has_rdrand;
+	}
+
+	/* CPUID.01H:ECX.RDRAND[bit 30] == 1 */
+	int regs[4];
+	do_cpuid(regs, 1);
+	if (!(regs[2] & (1 << 30)))
+	{
+		_has_rdrand = 0;
+		return 0;
+	}
+
+	/*
+	 * Some CPUs advertise RDRAND in CPUID, but return 0xFFFFFFFF
+	 * unconditionally. To avoid locking up later, test RDRAND here. If over
+	 * 3 trials RDRAND has returned the same value, declare it broken.
+	 * Example CPUs are AMD Ryzen 3000 series
+	 * and much older AMD APUs, such as the E1-1500
+	 * https://github.com/systemd/systemd/issues/11810
+	 * https://linuxreviews.org/RDRAND_stops_returning_random_values_on_older_AMD_CPUs_after_suspend
+	 */
+	_has_rdrand = 0;
+	int prev = get_rdrand_seed();
+	for (int i = 0; i < 3; i++)
+	{
+		int temp = get_rdrand_seed();
+		if (temp != prev)
+		{
+			_has_rdrand = 1;
+			break;
+		}
+
+		prev = temp;
+	}
+
+	return _has_rdrand;
 }
 
 #endif
@@ -69,17 +99,19 @@ static int has_rdrand()
 
 #define HAVE_RDRAND 1
 
-static int get_rdrand_seed()
+static int get_rdrand_seed(void)
 {
-    DEBUG_SEED("get_rdrand_seed");
-    int _eax;
-    // rdrand eax
-    __asm__ __volatile__("1: .byte 0x0F\n"
-                         "   .byte 0xC7\n"
-                         "   .byte 0xF0\n"
-                         "   jnc 1b;\n"
-                         : "=a" (_eax));
-    return _eax;
+	DEBUG_SEED("get_rdrand_seed");
+	int _eax;
+	/* rdrand eax */
+	/* clang-format off */
+	__asm__ __volatile__("1: .byte 0x0F\n"
+	                     "   .byte 0xC7\n"
+	                     "   .byte 0xF0\n"
+	                     "   jnc 1b;\n"
+	                     : "=a" (_eax));
+	/* clang-format on */
+	return _eax;
 }
 
 #endif
@@ -109,7 +141,7 @@ static int get_rdrand_seed()
 	DEBUG_SEED("get_rdrand_seed");
 	int _eax;
 retry:
-	// rdrand eax
+	/* rdrand eax */
 	__asm _emit 0x0F __asm _emit 0xC7 __asm _emit 0xF0
 	__asm jnc retry
 	__asm mov _eax, eax
@@ -178,8 +210,14 @@ static int get_dev_random_seed()
 
 #define HAVE_CRYPTGENRANDOM 1
 
+/* clang-format off */
 #include <windows.h>
+
+/* Caution: these blank lines must remain so clang-format doesn't reorder
+   includes to put windows.h after wincrypt.h */
+
 #include <wincrypt.h>
+/* clang-format on */
 #ifndef __GNUC__
 #pragma comment(lib, "advapi32.lib")
 #endif

tests/test4.c

@@ -2,9 +2,11 @@
  * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
  */
 
-#include <stdio.h>
-#include <string.h>
 #include "config.h"
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
 
 #include "json_inttypes.h"
 #include "json_object.h"
@@ -24,6 +26,29 @@ void print_hex(const char* s)
 	putchar('\n');
 }
 
+static void test_lot_of_adds(void);
+static void test_lot_of_adds()
+{
+	int ii;
+	char key[50];
+	json_object *jobj = json_object_new_object();
+	assert(jobj != NULL);
+	for (ii = 0; ii < 500; ii++)
+	{
+		snprintf(key, sizeof(key), "k%d", ii);
+		json_object *iobj = json_object_new_int(ii);
+		assert(iobj != NULL);
+		if (json_object_object_add(jobj, key, iobj))
+		{
+			fprintf(stderr, "FAILED to add object #%d\n", ii);
+			abort();
+		}
+	}
+	printf("%s\n", json_object_to_json_string(jobj));
+	assert(json_object_object_length(jobj) == 500);
+	json_object_put(jobj);
+}
+
 int main(void)
 {
 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
@@ -49,5 +74,8 @@ int main(void)
 		retval = 1;
 	}
 	json_object_put(parse_result);
+
+	test_lot_of_adds();
+
 	return retval;
 }