packages/jsoncpp
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sync:Issue 1182: Fix fuzzing bug

Browse Source 
Signed-off-by: zhangzhangxin <zhangxin1@xfusion.com>
This commit is contained in:
zhangzhangxin 2023-04-28 10:59:43 +08:00
parent ec752f7627
commit 1eadb6ee25
2 changed files with 45 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
0001-sync-Issue-1182-Fix-fuzzing-bug.patch Normal file
View File

@ -0,0 +1,40 @@
From 0398d63a8435d5b8f71f07aa8c42e7d65815f97e Mon Sep 17 00:00:00 2001
From: zhangzhangxin <zhangxin1@xfusion.com>
Date: Fri, 28 Apr 2023 10:50:40 +0800
Subject: [PATCH] sync:Issue 1182: Fix fuzzing bug
Signed-off-by: zhangzhangxin <zhangxin1@xfusion.com>
---
src/lib_json/json_reader.cpp | 7 +++++--
test/data/fail_invalid_quote.json | 1 +
2 files changed, 6 insertions(+), 2 deletions(-)
create mode 100644 test/data/fail_invalid_quote.json
diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 23cbe60..19922a8 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -1175,8 +1175,11 @@ bool OurReader::readToken(Token& token) {
if (features_.allowSingleQuotes_) {
token.type_ = tokenString;
ok = readStringSingleQuote();
- break;
- } // else fall through
+ } else {
+ // If we don't allow single quotes, this is a failure case.
+ ok = false;
+ }
+ break;
case '/':
token.type_ = tokenComment;
ok = readComment();
diff --git a/test/data/fail_invalid_quote.json b/test/data/fail_invalid_quote.json
new file mode 100644
index 0000000..0dd76ed
--- /dev/null
+++ b/test/data/fail_invalid_quote.json
@@ -0,0 +1 @@
+{'//this is bad JSON.'}
--
2.40.0.windows.1

6
jsoncpp.spec
View File

@ -1,11 +1,12 @@
Name: jsoncpp Name: jsoncpp
Version: 1.9.3 Version: 1.9.3
Release: 2 Release: 3
Summary: JSON C++ library Summary: JSON C++ library
License: Public Domain or MIT License: Public Domain or MIT
URL: https://github.com/open-source-parsers/jsoncpp URL: https://github.com/open-source-parsers/jsoncpp
Source0: https://github.com/open-source-parsers/jsoncpp/archive/%{version}/%{name}-%{version}.tar.gz Source0: https://github.com/open-source-parsers/jsoncpp/archive/%{version}/%{name}-%{version}.tar.gz
BuildRequires: gcc-c++ cmake >= 3.1 python3-devel BuildRequires: gcc-c++ cmake >= 3.1 python3-devel
Patch0: 0001-sync-Issue-1182-Fix-fuzzing-bug.patch
%description %description
JsonCpp is a C++ library that allows manipulating JSON values, JsonCpp is a C++ library that allows manipulating JSON values,
@ -87,6 +88,9 @@ hardlink -cfv %{buildroot}%{_docdir}/%{name}
%changelog %changelog
* Fri Apr 28 2023 zhujunhao <zhujunhao5@huawei.com> - 1.9.3-3
- Issue 1182: Fix fuzzing bug
* Thu Sep 24 2020 tianwei<tianwei12@huawei.com> - 1.9.3-2 * Thu Sep 24 2020 tianwei<tianwei12@huawei.com> - 1.9.3-2
- Type:update - Type:update
- ID:NA - ID:NA