Fix an uninitialized memory access in json_pointer.

Add comments describing when the fields of the internal struct json_pointer_get_result are valid.
Eric Hawicz
2023-07-26 18:15:07 -04:00
parent efc530594b
commit a14a3a680c
3 changed files with 16 additions and 16 deletions


@@ -49,9 +49,9 @@ static int json_patch_apply_test(struct json_object **res,
static int __json_patch_apply_remove(struct json_pointer_get_result *jpres) static int __json_patch_apply_remove(struct json_pointer_get_result *jpres)
{ {
if (json_object_is_type(jpres->parent, json_type_array)) { if (json_object_is_type(jpres->parent, json_type_array)) {
return json_object_array_del_idx(jpres->parent, jpres->id.index, 1); return json_object_array_del_idx(jpres->parent, jpres->index_in_parent, 1);
} else if (jpres->parent && jpres->id.key) { } else if (jpres->parent && jpres->key_in_parent) {
json_object_object_del(jpres->parent, jpres->id.key); json_object_object_del(jpres->parent, jpres->key_in_parent);
return 0; return 0;
} else { } else {
return json_object_put(jpres->obj); return json_object_put(jpres->obj);
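Review bot: The object branch of `__json_patch_apply_remove` still tests only that `jpres->parent` is non-NULL, so `key_in_parent` is read for any non-array parent, while the struct comment added in this commit says the field is valid only when the parent is `json_type_object`. Using the same test as the re-map step in `json_pointer_get_internal` would keep both readers consistent with that contract: `} else if (json_object_is_type(jpres->parent, json_type_object) && jpres->key_in_parent) {`. Whether a parent that is neither an array nor an object can reach this function is not visible on this page, and the end of the function lies outside the hunk.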


@@ -190,9 +190,9 @@ static int json_pointer_result_get_recursive(struct json_object *obj, char *path
res->parent = parent_obj; res->parent = parent_obj;
res->obj = obj; res->obj = obj;
if (json_object_is_type(res->parent, json_type_array)) if (json_object_is_type(res->parent, json_type_array))
res->id.index = idx; res->index_in_parent = idx;
else else
res->id.key = path; res->key_in_parent = path;
} }
return 0; return 0;
@@ -228,11 +228,10 @@ int json_pointer_get_internal(struct json_object *obj, const char *path,
if (path[0] == '\0') if (path[0] == '\0')
{ {
if (res) { res->parent = NULL;
res->parent = NULL; res->obj = obj;
res->obj = obj; res->key_in_parent = NULL;
} res->index_in_parent = -1;
res->id.key = NULL;
return 0; return 0;
} }
@@ -244,8 +243,8 @@ int json_pointer_get_internal(struct json_object *obj, const char *path,
} }
rc = json_pointer_result_get_recursive(obj, path_copy, res); rc = json_pointer_result_get_recursive(obj, path_copy, res);
/* re-map the path string to the const-path string */ /* re-map the path string to the const-path string */
if (rc == 0 && res->id.key && !json_object_is_type(res->parent, json_type_array)) if (rc == 0 && json_object_is_type(res->parent, json_type_object) && res->key_in_parent)
res->id.key = path + (res->id.key - path_copy); res->key_in_parent = path + (res->key_in_parent - path_copy);
free(path_copy); free(path_copy);
return rc; return rc;
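Review bot: In `json_pointer_result_get_recursive` only one of the two new fields is assigned (`index_in_parent` for an array parent, `key_in_parent` otherwise), so the other stays indeterminate unless the caller zeroed the struct, which this page does not show. Now that the union is gone, each branch can set the inactive field too, `res->key_in_parent = NULL;` in the array branch and `res->index_in_parent = UINT32_MAX;` in the else branch, so a reader that skips the parent-type check gets a fixed value rather than uninitialized memory. Separately, `res->index_in_parent = -1;` in the empty-path case stores the wrapped value in a `uint32_t`; writing `UINT32_MAX` or a named sentinel would make the intent explicit. Both functions begin and end outside the hunks shown.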


@@ -19,10 +19,11 @@ extern "C" {
struct json_pointer_get_result { struct json_pointer_get_result {
struct json_object *parent; struct json_object *parent;
struct json_object *obj; struct json_object *obj;
union { // The key of the found object; only valid when parent is json_type_object
const char *key; // Caution: re-uses tail end of the `path` argument to json_pointer_get_internal
uint32_t index; const char *key_in_parent;
} id; // the index of the found object; only valid when parent is json_type_array
uint32_t index_in_parent;
}; };
int json_pointer_get_internal(struct json_object *obj, const char *path, int json_pointer_get_internal(struct json_object *obj, const char *path,
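Review bot: The new field comments do not describe the root case, where `json_pointer_get_internal` sets `parent` to NULL, `key_in_parent` to NULL and `index_in_parent` to `-1` for an empty path. I would add a line such as `// For the root object (empty path): parent == NULL, key_in_parent == NULL, index_in_parent == UINT32_MAX`. The caution on `key_in_parent` could also state the lifetime consequence directly, for example `// Borrowed from path: do not use after the caller's path string is freed or modified`, since the pointer aliases caller-owned memory.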