Security issue - double free in parse_object #105
Comments
First of all, thanks for investing in the security of cJSON by applying fuzzing. Currently I am unable to reproduce this with either the latest commit from master or version 1.2.1. Can you provide your full code for reproducing it, please? Please use attachments instead of pasting it in the issue comment.
I cloned the latest commit from master, then I compiled a simple test program, which I'm attaching below together with the crash repro file. Please let me know if you need more info. Regards,
I found the problem and I can reproduce it with just
Well, that's good news, thanks for your support! Awesome project.
Btw. this problem only existed on master, so v1.2.1 isn't affected.
Hello Daniele, in your error, in the first place, you are using a complex/recursive JSON. Can you tell me how you generated this JSON? I am also doing fuzzing on a REST API. Regards,
I used PyJFuzz, a tool of mine, but sadly it is now unmaintained.
Hi, during a fuzzing session using PyJFuzz, I found that it is possible to trigger a double-free condition when the parse_object function is called; the double free happened inside parse_string. Below is a screenshot.
Below is the test case I used to crash cJSON
and the output
I didn't investigate further, so please let me know what you think.
Best regards,
Daniele