Release 1.3.1

prevent read beyond end of buffer when string ends with malformed utf

CMakeLists.txt

@@ -9,7 +9,7 @@ project(cJSON C)
 
 set(PROJECT_VERSION_MAJOR 1)
 set(PROJECT_VERSION_MINOR 3)
-set(PROJECT_VERSION_PATCH 0)
+set(PROJECT_VERSION_PATCH 1)
 set(CJSON_VERSION_SO 1)
 set(CJSON_UTILS_VERSION_SO 1)
 set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")

Makefile

@@ -10,7 +10,7 @@ UTILS_TEST_SRC = cJSON.c cJSON_Utils.c test_utils.c
 
 LDLIBS = -lm
 
-LIBVERSION = 1.3.0
+LIBVERSION = 1.3.1
 CJSON_SOVERSION = 1
 UTILS_SOVERSION = 1
 

cJSON.c

@@ -45,7 +45,7 @@ const char *cJSON_GetErrorPtr(void)
 }
 
 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 3) || (CJSON_VERSION_PATCH != 0)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 3) || (CJSON_VERSION_PATCH != 1)
     #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif
 
@@ -422,8 +422,6 @@ static unsigned char utf16_literal_to_utf8(const unsigned char * const input_poi
     unsigned char utf8_length = 0;
     unsigned char sequence_length = 0;
 
-    /* get the first utf16 sequence */
-    first_code = parse_hex4(first_sequence + 2);
     if ((input_end - first_sequence) < 6)
     {
         /* input ends unexpectedly */
@@ -431,6 +429,9 @@ static unsigned char utf16_literal_to_utf8(const unsigned char * const input_poi
         goto fail;
     }
 
+    /* get the first utf16 sequence */
+    first_code = parse_hex4(first_sequence + 2);
+
     /* check that the code is valid */
     if (((first_code >= 0xDC00) && (first_code <= 0xDFFF)) || (first_code == 0))
     {

cJSON.h

@@ -31,7 +31,7 @@ extern "C"
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 3
-#define CJSON_VERSION_PATCH 0
+#define CJSON_VERSION_PATCH 1
 
 /* returns the version of cJSON as a string */
 extern const char* cJSON_Version(void);