Release version 1.5.9

Fix error pointer behaviour of cJSON_ParseWithOpts()

CHANGELOG.md

@@ -1,3 +1,24 @@
+1.5.9
+=====
+* Set the global error pointer even if `return_parse_end` is passed to `cJSON_ParseWithOpts`. See #200, thanks @rmallins
+
+1.5.8
+=====
+* Fix `make test` in the Makefile, thanks @YanhaoMo for reporting this (#195)
+
+1.5.7
+=====
+Fixes:
+------
+* Fix a bug where realloc failing would return a pointer to an invalid memory address. This is a security issue as it could potentially be used by an attacker to write to arbitrary memory addresses. (see #189), fixed in (954d61e5e7cb9dc6c480fc28ac1cdceca07dd5bd), big thanks @timothyjohncarney for reporting this issue
+* Fix a spelling mistake in the AFL fuzzer dictionary (#185), thanks @jwilk
+
+1.5.6
+=====
+Fixes:
+------
+* Make cJSON a lot more tolerant about passing NULL pointers to its functions, it should now fail safely instead of dereferencing the pointer. (#183) Thanks @msichal for reporting #182
+
 1.5.5
 =====
 Fixes:

CMakeLists.txt

@@ -7,7 +7,7 @@ project(cJSON C)
 
 set(PROJECT_VERSION_MAJOR 1)
 set(PROJECT_VERSION_MINOR 5)
-set(PROJECT_VERSION_PATCH 5)
+set(PROJECT_VERSION_PATCH 9)
 set(CJSON_VERSION_SO 1)
 set(CJSON_UTILS_VERSION_SO 1)
 set(PROJECT_VERSION "${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}")

CONTRIBUTORS.md

@@ -15,6 +15,7 @@ Contributors
 * Ian Mobley
 * Irwan Djadjadi
 * [IvanVoid](https://github.com/npi3pak)
+* [Jakub Wilk](https://github.com/jwilk)
 * [Jiri Zouhar](https://github.com/loigu)
 * [Jonathan Fether](https://github.com/jfether)
 * [Julián Vásquez](https://github.com/juvasquezg)
@@ -29,6 +30,7 @@ Contributors
 * [Pawel Winogrodzki](https://github.com/PawelWMS)
 * [prefetchnta](https://github.com/prefetchnta)
 * [Rafael Leal Dias](https://github.com/rafaeldias)
+* [Robin Mallinson](https://github.com/rmallins)
 * [Rod Vagg](https://github.com/rvagg)
 * [Roland Meertens](https://github.com/rmeertens)
 * [Romain Porte](https://github.com/MicroJoe)

Makefile

@@ -8,7 +8,7 @@ CJSON_TEST_SRC = cJSON.c test.c
 
 LDLIBS = -lm
 
-LIBVERSION = 1.5.5
+LIBVERSION = 1.5.9
 CJSON_SOVERSION = 1
 UTILS_SOVERSION = 1
 
@@ -66,11 +66,10 @@ shared: $(CJSON_SHARED) $(UTILS_SHARED)
 
 static: $(CJSON_STATIC) $(UTILS_STATIC)
 
-tests: $(CJSON_TEST) $(UTILS_TEST)
+tests: $(CJSON_TEST)
 
 test: tests
 	./$(CJSON_TEST)
-	./$(UTILS_TEST)
 
 .c.o:
 	$(CC) -c $(R_CFLAGS) $<
@@ -150,4 +149,4 @@ clean:
 	$(RM) $(CJSON_OBJ) $(UTILS_OBJ) #delete object files
 	$(RM) $(CJSON_SHARED) $(CJSON_SHARED_VERSION) $(CJSON_SHARED_SO) $(CJSON_STATIC) #delete cJSON
 	$(RM) $(UTILS_SHARED) $(UTILS_SHARED_VERSION) $(UTILS_SHARED_SO) $(UTILS_STATIC) #delete cJSON_Utils
-	$(RM) $(CJSON_TEST) $(UTILS_TEST) #delete tests
+	$(RM) $(CJSON_TEST)  #delete test

cJSON.c

@@ -58,7 +58,7 @@ CJSON_PUBLIC(const char *) cJSON_GetErrorPtr(void)
 }
 
 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 5)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 5) || (CJSON_VERSION_PATCH != 9)
     #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif
 
@@ -377,6 +377,14 @@ static unsigned char* ensure(printbuffer * const p, size_t needed)
     {
         /* reallocate with realloc if available */
         newbuffer = (unsigned char*)p->hooks.reallocate(p->buffer, newsize);
+        if (newbuffer == NULL)
+        {
+            p->hooks.deallocate(p->buffer);
+            p->length = 0;
+            p->buffer = NULL;
+
+            return NULL;
+        }
     }
     else
     {
@@ -998,10 +1006,8 @@ fail:
         {
             *return_parse_end = (const char*)local_error.json + local_error.position;
         }
-        else
-        {
-            global_error = local_error;
-        }
+ 
+        global_error = local_error;
     }
 
     return NULL;
@@ -1111,6 +1117,7 @@ CJSON_PUBLIC(char *) cJSON_PrintBuffered(const cJSON *item, int prebuffer, cJSON
 
     if (!print_value(item, &p))
     {
+        global_hooks.deallocate(p.buffer);
         return NULL;
     }
 
@@ -1121,7 +1128,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_PrintPreallocated(cJSON *item, char *buf, const i
 {
     printbuffer p = { 0, 0, 0, 0, 0, 0, { 0, 0, 0 } };
 
-    if (len < 0)
+    if ((len < 0) || (buf == NULL))
     {
         return false;
     }
@@ -1652,17 +1659,25 @@ static cJSON_bool print_object(const cJSON * const item, printbuffer * const out
 /* Get Array size/item / object item. */
 CJSON_PUBLIC(int) cJSON_GetArraySize(const cJSON *array)
 {
-    cJSON *c = array->child;
-    size_t i = 0;
-    while(c)
+    cJSON *child = NULL;
+    size_t size = 0;
+
+    if (array == NULL)
     {
-        i++;
-        c = c->next;
+        return 0;
+    }
+
+    child = array->child;
+
+    while(child != NULL)
+    {
+        size++;
+        child = child->next;
     }
 
     /* FIXME: Can overflow here. Cannot be fixed without breaking the API */
 
-    return (int)i;
+    return (int)size;
 }
 
 static cJSON* get_array_item(const cJSON *array, size_t index)
@@ -1747,16 +1762,23 @@ static void suffix_object(cJSON *prev, cJSON *item)
 /* Utility for handling references. */
 static cJSON *create_reference(const cJSON *item, const internal_hooks * const hooks)
 {
-    cJSON *ref = cJSON_New_Item(hooks);
-    if (!ref)
+    cJSON *reference = NULL;
+    if (item == NULL)
     {
         return NULL;
     }
-    memcpy(ref, item, sizeof(cJSON));
-    ref->string = NULL;
-    ref->type |= cJSON_IsReference;
-    ref->next = ref->prev = NULL;
-    return ref;
+
+    reference = cJSON_New_Item(hooks);
+    if (reference == NULL)
+    {
+        return NULL;
+    }
+
+    memcpy(reference, item, sizeof(cJSON));
+    reference->string = NULL;
+    reference->type |= cJSON_IsReference;
+    reference->next = reference->prev = NULL;
+    return reference;
 }
 
 /* Add item to array/object. */
@@ -1789,6 +1811,11 @@ CJSON_PUBLIC(void) cJSON_AddItemToArray(cJSON *array, cJSON *item)
 
 CJSON_PUBLIC(void) cJSON_AddItemToObject(cJSON *object, const char *string, cJSON *item)
 {
+    if (item == NULL)
+    {
+        return;
+    }
+
     /* call cJSON_AddItemToObjectCS for code reuse */
     cJSON_AddItemToObjectCS(object, (char*)cJSON_strdup((const unsigned char*)string, &global_hooks), item);
     /* remove cJSON_StringIsConst flag */
@@ -1805,7 +1832,7 @@ CJSON_PUBLIC(void) cJSON_AddItemToObject(cJSON *object, const char *string, cJSO
 /* Add an item to an object with constant string as key */
 CJSON_PUBLIC(void) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJSON *item)
 {
-    if (!item)
+    if ((item == NULL) || (string == NULL))
     {
         return;
     }
@@ -1823,11 +1850,21 @@ CJSON_PUBLIC(void) cJSON_AddItemToObjectCS(cJSON *object, const char *string, cJ
 
 CJSON_PUBLIC(void) cJSON_AddItemReferenceToArray(cJSON *array, cJSON *item)
 {
+    if (array == NULL)
+    {
+        return;
+    }
+
     cJSON_AddItemToArray(array, create_reference(item, &global_hooks));
 }
 
 CJSON_PUBLIC(void) cJSON_AddItemReferenceToObject(cJSON *object, const char *string, cJSON *item)
 {
+    if ((object == NULL) || (string == NULL))
+    {
+        return;
+    }
+
     cJSON_AddItemToObject(object, string, create_reference(item, &global_hooks));
 }
 
@@ -1932,7 +1969,7 @@ CJSON_PUBLIC(void) cJSON_InsertItemInArray(cJSON *array, int which, cJSON *newit
 
 CJSON_PUBLIC(cJSON_bool) cJSON_ReplaceItemViaPointer(cJSON * const parent, cJSON * const item, cJSON * replacement)
 {
-    if ((parent == NULL) || (replacement == NULL))
+    if ((parent == NULL) || (replacement == NULL) || (item == NULL))
     {
         return false;
     }
@@ -1977,7 +2014,7 @@ CJSON_PUBLIC(void) cJSON_ReplaceItemInArray(cJSON *array, int which, cJSON *newi
 
 static cJSON_bool replace_item_in_object(cJSON *object, const char *string, cJSON *replacement, cJSON_bool case_sensitive)
 {
-    if (replacement == NULL)
+    if ((replacement == NULL) || (string == NULL))
     {
         return false;
     }
@@ -2140,7 +2177,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateIntArray(const int *numbers, int count)
     cJSON *p = NULL;
     cJSON *a = NULL;
 
-    if (count < 0)
+    if ((count < 0) || (numbers == NULL))
     {
         return NULL;
     }
@@ -2175,7 +2212,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateFloatArray(const float *numbers, int count)
     cJSON *p = NULL;
     cJSON *a = NULL;
 
-    if (count < 0)
+    if ((count < 0) || (numbers == NULL))
     {
         return NULL;
     }
@@ -2211,7 +2248,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateDoubleArray(const double *numbers, int count)
     cJSON *p = NULL;
     cJSON *a = NULL;
 
-    if (count < 0)
+    if ((count < 0) || (numbers == NULL))
     {
         return NULL;
     }
@@ -2247,7 +2284,7 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char **strings, int count)
     cJSON *p = NULL;
     cJSON *a = NULL;
 
-    if (count < 0)
+    if ((count < 0) || (strings == NULL))
     {
         return NULL;
     }
@@ -2359,6 +2396,12 @@ fail:
 CJSON_PUBLIC(void) cJSON_Minify(char *json)
 {
     unsigned char *into = (unsigned char*)json;
+
+    if (json == NULL)
+    {
+        return;
+    }
+
     while (*json)
     {
         if (*json == ' ')

cJSON.h

@@ -31,7 +31,7 @@ extern "C"
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 5
-#define CJSON_VERSION_PATCH 5
+#define CJSON_VERSION_PATCH 9
 
 #include <stddef.h>
 
@@ -138,6 +138,10 @@ CJSON_PUBLIC(void) cJSON_InitHooks(cJSON_Hooks* hooks);
 /* Memory Management: the caller is always responsible to free the results from all variants of cJSON_Parse (with cJSON_Delete) and cJSON_Print (with stdlib free, cJSON_Hooks.free_fn, or cJSON_free as appropriate). The exception is cJSON_PrintPreallocated, where the caller has full responsibility of the buffer. */
 /* Supply a block of JSON, and this returns a cJSON object you can interrogate. */
 CJSON_PUBLIC(cJSON *) cJSON_Parse(const char *value);
+/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
+/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error so will match cJSON_GetErrorPtr(). */
+CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
+
 /* Render a cJSON entity to text for transfer/storage. */
 CJSON_PUBLIC(char *) cJSON_Print(const cJSON *item);
 /* Render a cJSON entity to text for transfer/storage without any formatting. */
@@ -228,10 +232,6 @@ The item->next and ->prev pointers are always zero on return from Duplicate. */
 CJSON_PUBLIC(cJSON_bool) cJSON_Compare(const cJSON * const a, const cJSON * const b, const cJSON_bool case_sensitive);
 
 
-/* ParseWithOpts allows you to require (and check) that the JSON is null terminated, and to retrieve the pointer to the final byte parsed. */
-/* If you supply a ptr in return_parse_end and parsing fails, then return_parse_end will contain a pointer to the error. If not, then cJSON_GetErrorPtr() does the job. */
-CJSON_PUBLIC(cJSON *) cJSON_ParseWithOpts(const char *value, const char **return_parse_end, cJSON_bool require_null_terminated);
-
 CJSON_PUBLIC(void) cJSON_Minify(char *json);
 
 /* Macros for creating things quickly. */

cJSON_Utils.c

@@ -162,6 +162,11 @@ CJSON_PUBLIC(char *) cJSONUtils_FindPointerFromObjectTo(const cJSON * const obje
     size_t child_index = 0;
     cJSON *current_child = 0;
 
+    if ((object == NULL) || (target == NULL))
+    {
+        return NULL;
+    }
+
     if (object == target)
     {
         /* found */
@@ -257,6 +262,12 @@ static cJSON_bool decode_array_index_from_pointer(const unsigned char * const po
 static cJSON *get_item_from_pointer(cJSON * const object, const char * pointer, const cJSON_bool case_sensitive)
 {
     cJSON *current_element = object;
+
+    if (pointer == NULL)
+    {
+        return NULL;
+    }
+
     /* follow path of the pointer */
     while ((pointer[0] == '/') && (current_element != NULL))
     {
@@ -539,6 +550,10 @@ static cJSON *sort_list(cJSON *list, const cJSON_bool case_sensitive)
 
 static void sort_object(cJSON * const object, const cJSON_bool case_sensitive)
 {
+    if (object == NULL)
+    {
+        return;
+    }
     object->child = sort_list(object->child, case_sensitive);
 }
 
@@ -1028,7 +1043,14 @@ CJSON_PUBLIC(int) cJSONUtils_ApplyPatchesCaseSensitive(cJSON * const object, con
 
 static void compose_patch(cJSON * const patches, const unsigned char * const operation, const unsigned char * const path, const unsigned char *suffix, const cJSON * const value)
 {
-    cJSON *patch = cJSON_CreateObject();
+    cJSON *patch = NULL;
+
+    if ((patches == NULL) || (operation == NULL) || (path == NULL))
+    {
+        return;
+    }
+
+    patch = cJSON_CreateObject();
     if (patch == NULL)
     {
         return;
@@ -1206,7 +1228,14 @@ static void create_patches(cJSON * const patches, const unsigned char * const pa
 
 CJSON_PUBLIC(cJSON *) cJSONUtils_GeneratePatches(cJSON * const from, cJSON * const to)
 {
-    cJSON *patches = cJSON_CreateArray();
+    cJSON *patches = NULL;
+
+    if ((from == NULL) || (to == NULL))
+    {
+        return NULL;
+    }
+
+    patches = cJSON_CreateArray();
     create_patches(patches, (const unsigned char*)"", from, to, false);
 
     return patches;
@@ -1214,7 +1243,14 @@ CJSON_PUBLIC(cJSON *) cJSONUtils_GeneratePatches(cJSON * const from, cJSON * con
 
 CJSON_PUBLIC(cJSON *) cJSONUtils_GeneratePatchesCaseSensitive(cJSON * const from, cJSON * const to)
 {
-    cJSON *patches = cJSON_CreateArray();
+    cJSON *patches = NULL;
+
+    if ((from == NULL) || (to == NULL))
+    {
+        return NULL;
+    }
+
+    patches = cJSON_CreateArray();
     create_patches(patches, (const unsigned char*)"", from, to, true);
 
     return patches;

fuzzing/json.dict

@@ -25,8 +25,8 @@ escape_sequence_r="\\r"
 escape_sequence_t="\\t"
 escape_sequence_quote="\\\""
 escape_sequence_backslash="\\\\"
-escapce_sequence_slash="\\/"
-escpae_sequence_utf16_base="\\u"
+escape_sequence_slash="\\/"
+escape_sequence_utf16_base="\\u"
 escape_sequence_utf16="\\u12ab"
 
 number_integer="1"

tests/CMakeLists.txt

@@ -58,7 +58,7 @@ if(ENABLE_CJSON_TEST)
             message(WARNING "Valgrind couldn't be found.")
             unset(MEMORYCHECK_COMMAND)
         else()
-            set(MEMORYCHECK_COMMAND_OPTIONS --trace-children=yes --leak-check=full --error-exitcode=1)
+            set(MEMORYCHECK_COMMAND_OPTIONS --trace-children=yes --leak-check=full --error-exitcode=1 --suppressions=${CMAKE_CURRENT_SOURCE_DIR}/../valgrind.supp)
         endif()
     endif()
 
@@ -84,7 +84,8 @@ if(ENABLE_CJSON_TEST)
 
         set (cjson_utils_tests
             json_patch_tests
-            old_utils_tests)
+            old_utils_tests
+            misc_utils_tests)
 
         foreach (cjson_utils_test ${cjson_utils_tests})
             add_executable("${cjson_utils_test}" "${cjson_utils_test}.c")

tests/misc_tests.c

@@ -324,6 +324,108 @@ static void cjson_replace_item_in_object_should_preserve_name(void)
     cJSON_Delete(replacement);
 }
 
+static void cjson_functions_shouldnt_crash_with_null_pointers(void)
+{
+    char buffer[10];
+    cJSON *item = cJSON_CreateString("item");
+
+    cJSON_InitHooks(NULL);
+    TEST_ASSERT_NULL(cJSON_Parse(NULL));
+    TEST_ASSERT_NULL(cJSON_ParseWithOpts(NULL, NULL, true));
+    TEST_ASSERT_NULL(cJSON_Print(NULL));
+    TEST_ASSERT_NULL(cJSON_PrintUnformatted(NULL));
+    TEST_ASSERT_NULL(cJSON_PrintBuffered(NULL, 10, true));
+    TEST_ASSERT_FALSE(cJSON_PrintPreallocated(NULL, buffer, sizeof(buffer), true));
+    TEST_ASSERT_FALSE(cJSON_PrintPreallocated(item, NULL, 1, true));
+    cJSON_Delete(NULL);
+    cJSON_GetArraySize(NULL);
+    TEST_ASSERT_NULL(cJSON_GetArrayItem(NULL, 0));
+    TEST_ASSERT_NULL(cJSON_GetObjectItem(NULL, "item"));
+    TEST_ASSERT_NULL(cJSON_GetObjectItem(item, NULL));
+    TEST_ASSERT_NULL(cJSON_GetObjectItemCaseSensitive(NULL, "item"));
+    TEST_ASSERT_NULL(cJSON_GetObjectItemCaseSensitive(item, NULL));
+    TEST_ASSERT_FALSE(cJSON_HasObjectItem(NULL, "item"));
+    TEST_ASSERT_FALSE(cJSON_HasObjectItem(item, NULL));
+    TEST_ASSERT_FALSE(cJSON_IsInvalid(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsFalse(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsTrue(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsBool(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsNull(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsNumber(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsString(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsArray(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsObject(NULL));
+    TEST_ASSERT_FALSE(cJSON_IsRaw(NULL));
+    TEST_ASSERT_NULL(cJSON_CreateString(NULL));
+    TEST_ASSERT_NULL(cJSON_CreateRaw(NULL));
+    TEST_ASSERT_NULL(cJSON_CreateIntArray(NULL, 10));
+    TEST_ASSERT_NULL(cJSON_CreateFloatArray(NULL, 10));
+    TEST_ASSERT_NULL(cJSON_CreateDoubleArray(NULL, 10));
+    TEST_ASSERT_NULL(cJSON_CreateStringArray(NULL, 10));
+    cJSON_AddItemToArray(NULL, item);
+    cJSON_AddItemToArray(item, NULL);
+    cJSON_AddItemToObject(item, "item", NULL);
+    cJSON_AddItemToObject(item, NULL, item);
+    cJSON_AddItemToObject(NULL, "item", item);
+    cJSON_AddItemToObjectCS(item, "item", NULL);
+    cJSON_AddItemToObjectCS(item, NULL, item);
+    cJSON_AddItemToObjectCS(NULL, "item", item);
+    cJSON_AddItemReferenceToArray(NULL, item);
+    cJSON_AddItemReferenceToArray(item, NULL);
+    cJSON_AddItemReferenceToObject(item, "item", NULL);
+    cJSON_AddItemReferenceToObject(item, NULL, item);
+    cJSON_AddItemReferenceToObject(NULL, "item", item);
+    TEST_ASSERT_NULL(cJSON_DetachItemViaPointer(NULL, item));
+    TEST_ASSERT_NULL(cJSON_DetachItemViaPointer(item, NULL));
+    TEST_ASSERT_NULL(cJSON_DetachItemFromArray(NULL, 0));
+    cJSON_DeleteItemFromArray(NULL, 0);
+    TEST_ASSERT_NULL(cJSON_DetachItemFromObject(NULL, "item"));
+    TEST_ASSERT_NULL(cJSON_DetachItemFromObject(item, NULL));
+    TEST_ASSERT_NULL(cJSON_DetachItemFromObjectCaseSensitive(NULL, "item"));
+    TEST_ASSERT_NULL(cJSON_DetachItemFromObjectCaseSensitive(item, NULL));
+    cJSON_DeleteItemFromObject(NULL, "item");
+    cJSON_DeleteItemFromObject(item, NULL);
+    cJSON_DeleteItemFromObjectCaseSensitive(NULL, "item");
+    cJSON_DeleteItemFromObjectCaseSensitive(item, NULL);
+    cJSON_InsertItemInArray(NULL, 0, item);
+    cJSON_InsertItemInArray(item, 0, NULL);
+    TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(NULL, item, item));
+    TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(item, NULL, item));
+    TEST_ASSERT_FALSE(cJSON_ReplaceItemViaPointer(item, item, NULL));
+    cJSON_ReplaceItemInArray(item, 0, NULL);
+    cJSON_ReplaceItemInArray(NULL, 0, item);
+    cJSON_ReplaceItemInObject(NULL, "item", item);
+    cJSON_ReplaceItemInObject(item, NULL, item);
+    cJSON_ReplaceItemInObject(item, "item", NULL);
+    cJSON_ReplaceItemInObjectCaseSensitive(NULL, "item", item);
+    cJSON_ReplaceItemInObjectCaseSensitive(item, NULL, item);
+    cJSON_ReplaceItemInObjectCaseSensitive(item, "item", NULL);
+    TEST_ASSERT_NULL(cJSON_Duplicate(NULL, true));
+    TEST_ASSERT_FALSE(cJSON_Compare(item, NULL, false));
+    TEST_ASSERT_FALSE(cJSON_Compare(NULL, item, false));
+    cJSON_Minify(NULL);
+    /* skipped because it is only used via a macro that checks for NULL */
+    /* cJSON_SetNumberHelper(NULL, 0); */
+
+    cJSON_Delete(item);
+}
+
+static void *failing_realloc(void *pointer, size_t size)
+{
+    (void)size;
+    (void)pointer;
+    return NULL;
+}
+
+static void ensure_should_fail_on_failed_realloc(void)
+{
+    printbuffer buffer = {NULL, 10, 0, 0, false, false, {&malloc, &free, &failing_realloc}};
+    buffer.buffer = (unsigned char*)malloc(100);
+    TEST_ASSERT_NOT_NULL(buffer.buffer);
+
+    TEST_ASSERT_NULL_MESSAGE(ensure(&buffer, 200), "Ensure didn't fail with failing realloc.");
+}
+
 int main(void)
 {
     UNITY_BEGIN();
@@ -338,6 +440,7 @@ int main(void)
     RUN_TEST(cjson_detach_item_via_pointer_should_detach_items);
     RUN_TEST(cjson_replace_item_via_pointer_should_replace_items);
     RUN_TEST(cjson_replace_item_in_object_should_preserve_name);
-
+    RUN_TEST(cjson_functions_shouldnt_crash_with_null_pointers);
+    RUN_TEST(ensure_should_fail_on_failed_realloc);
     return UNITY_END();
 }

tests/misc_utils_tests.c

@@ -0,0 +1,80 @@
+/*
+  Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
+
+  Permission is hereby granted, free of charge, to any person obtaining a copy
+  of this software and associated documentation files (the "Software"), to deal
+  in the Software without restriction, including without limitation the rights
+  to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+  copies of the Software, and to permit persons to whom the Software is
+  furnished to do so, subject to the following conditions:
+
+  The above copyright notice and this permission notice shall be included in
+  all copies or substantial portions of the Software.
+
+  THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+  IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+  FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+  AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+  LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+  THE SOFTWARE.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "unity/examples/unity_config.h"
+#include "unity/src/unity.h"
+#include "common.h"
+#include "../cJSON_Utils.h"
+
+static void cjson_utils_functions_shouldnt_crash_with_null_pointers(void)
+{
+    cJSON *item = cJSON_CreateString("item");
+    TEST_ASSERT_NOT_NULL(item);
+
+    TEST_ASSERT_NULL(cJSONUtils_GetPointer(item, NULL));
+    TEST_ASSERT_NULL(cJSONUtils_GetPointer(NULL, "pointer"));
+    TEST_ASSERT_NULL(cJSONUtils_GetPointerCaseSensitive(NULL, "pointer"));
+    TEST_ASSERT_NULL(cJSONUtils_GetPointerCaseSensitive(item, NULL));
+    TEST_ASSERT_NULL(cJSONUtils_GeneratePatches(item, NULL));
+    TEST_ASSERT_NULL(cJSONUtils_GeneratePatches(NULL, item));
+    TEST_ASSERT_NULL(cJSONUtils_GeneratePatchesCaseSensitive(item, NULL));
+    TEST_ASSERT_NULL(cJSONUtils_GeneratePatchesCaseSensitive(NULL, item));
+    cJSONUtils_AddPatchToArray(item, "path", "add", NULL);
+    cJSONUtils_AddPatchToArray(item, "path", NULL, item);
+    cJSONUtils_AddPatchToArray(item, NULL, "add", item);
+    cJSONUtils_AddPatchToArray(NULL, "path", "add", item);
+    cJSONUtils_ApplyPatches(item, NULL);
+    cJSONUtils_ApplyPatches(NULL, item);
+    cJSONUtils_ApplyPatchesCaseSensitive(item, NULL);
+    cJSONUtils_ApplyPatchesCaseSensitive(NULL, item);
+    TEST_ASSERT_NULL(cJSONUtils_MergePatch(item, NULL));
+    item = cJSON_CreateString("item");
+    TEST_ASSERT_NULL(cJSONUtils_MergePatchCaseSensitive(item, NULL));
+    item = cJSON_CreateString("item");
+    /* these calls are actually valid */
+    /* cJSONUtils_MergePatch(NULL, item); */
+    /* cJSONUtils_MergePatchCaseSensitive(NULL, item);*/
+    /* cJSONUtils_GenerateMergePatch(item, NULL); */
+    /* cJSONUtils_GenerateMergePatch(NULL, item); */
+    /* cJSONUtils_GenerateMergePatchCaseSensitive(item, NULL); */
+    /* cJSONUtils_GenerateMergePatchCaseSensitive(NULL, item); */
+
+    TEST_ASSERT_NULL(cJSONUtils_FindPointerFromObjectTo(item, NULL));
+    TEST_ASSERT_NULL(cJSONUtils_FindPointerFromObjectTo(NULL, item));
+    cJSONUtils_SortObject(NULL);
+    cJSONUtils_SortObjectCaseSensitive(NULL);
+
+    cJSON_Delete(item);
+}
+
+int main(void)
+{
+    UNITY_BEGIN();
+
+    RUN_TEST(cjson_utils_functions_shouldnt_crash_with_null_pointers);
+
+    return UNITY_END();
+}

tests/parse_examples.c

@@ -142,7 +142,7 @@ static void file_test6_should_not_be_parsed(void)
     tree = cJSON_Parse(test6);
     TEST_ASSERT_NULL_MESSAGE(tree, "Should fail to parse what is not JSON.");
 
-    TEST_ASSERT_EQUAL_STRING_MESSAGE(test6, cJSON_GetErrorPtr(), "Error pointer is incorrect.");
+    TEST_ASSERT_EQUAL_PTR_MESSAGE(test6, cJSON_GetErrorPtr(), "Error pointer is incorrect.");
 
     if (test6 != NULL)
     {
@@ -179,6 +179,22 @@ static void file_test11_should_be_parsed_and_printed(void)
     do_test("test11");
 }
 
+static void test12_should_not_be_parsed(void)
+{
+    const char *test12 = "{ \"name\": ";
+    cJSON *tree = NULL;
+
+    tree = cJSON_Parse(test12);
+    TEST_ASSERT_NULL_MESSAGE(tree, "Should fail to parse incomplete JSON.");
+
+    TEST_ASSERT_EQUAL_PTR_MESSAGE(test12 + strlen(test12), cJSON_GetErrorPtr(), "Error pointer is incorrect.");
+
+    if (tree != NULL)
+    {
+        cJSON_Delete(tree);
+    }
+}
+
 int main(void)
 {
     UNITY_BEGIN();
@@ -193,5 +209,6 @@ int main(void)
     RUN_TEST(file_test9_should_be_parsed_and_printed);
     RUN_TEST(file_test10_should_be_parsed_and_printed);
     RUN_TEST(file_test11_should_be_parsed_and_printed);
+    RUN_TEST(test12_should_not_be_parsed);
     return UNITY_END();
 }

tests/parse_with_opts.c

@@ -40,11 +40,23 @@ static void parse_with_opts_should_handle_empty_strings(void)
 {
     const char empty_string[] = "";
     const char *error_pointer = NULL;
+
     TEST_ASSERT_NULL(cJSON_ParseWithOpts(empty_string, NULL, false));
-    error_pointer = cJSON_GetErrorPtr();
-    TEST_ASSERT_EQUAL_INT(0, error_pointer - empty_string);
+    TEST_ASSERT_EQUAL_PTR(empty_string, cJSON_GetErrorPtr());
+
     TEST_ASSERT_NULL(cJSON_ParseWithOpts(empty_string, &error_pointer, false));
-    TEST_ASSERT_EQUAL_INT(0, error_pointer - empty_string);
+    TEST_ASSERT_EQUAL_PTR(empty_string, error_pointer);
+    TEST_ASSERT_EQUAL_PTR(empty_string, cJSON_GetErrorPtr());
+}
+
+static void parse_with_opts_should_handle_incomplete_json(void)
+{
+    const char json[] = "{ \"name\": ";
+    const char *parse_end = NULL;
+
+    TEST_ASSERT_NULL(cJSON_ParseWithOpts(json, &parse_end, false));
+    TEST_ASSERT_EQUAL_PTR(json + strlen(json), parse_end);
+    TEST_ASSERT_EQUAL_PTR(json + strlen(json), cJSON_GetErrorPtr());
 }
 
 static void parse_with_opts_should_require_null_if_requested(void)
@@ -65,7 +77,7 @@ static void parse_with_opts_should_return_parse_end(void)
 
     cJSON *item = cJSON_ParseWithOpts(json, &parse_end, false);
     TEST_ASSERT_NOT_NULL(item);
-    TEST_ASSERT_EQUAL_INT(2, parse_end - json);
+    TEST_ASSERT_EQUAL_PTR(json + 2, parse_end);
     cJSON_Delete(item);
 }
 
@@ -75,6 +87,7 @@ int main(void)
 
     RUN_TEST(parse_with_opts_should_handle_null);
     RUN_TEST(parse_with_opts_should_handle_empty_strings);
+    RUN_TEST(parse_with_opts_should_handle_incomplete_json);
     RUN_TEST(parse_with_opts_should_require_null_if_requested);
     RUN_TEST(parse_with_opts_should_return_parse_end);
 

valgrind.supp

@@ -0,0 +1,6 @@
+{
+	suppress_ld_on_armv7
+	Memcheck:Cond
+	...
+	obj:*/ld-*.so
+}