
Fix: buffer overflow vulnerability in Json::parseString #20846


Status: Open. Wants to merge 2 commits into base: v4

Conversation

yannaingtun

Description of the Change:
This PR fixes a buffer overflow vulnerability (CVE-2016-4303) in the Json::parseString function. The fix addresses improper handling of UTF-16 surrogate pairs during JSON string conversion, preventing potential heap corruption and arbitrary code execution. This vulnerability was identified in the cloned function and was not patched after cJSON's original fix.

Key improvements:
Added robust buffer allocation for UTF-8 character expansion
Implemented comprehensive bounds checking
Enhanced error handling and input validation

References
CVE-2016-4303
Original Patch: esnet/iperf@91f2fa5
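As an added illustration of the escape handling the description refers to (example code written for this page, not the PR's or iperf's own code), the decoder below expands JSON \uXXXX escapes, including UTF-16 surrogate pairs, into UTF-8 under an explicit output bound, rejects lone surrogates and fails instead of writing past the buffer. The function names json_unescape_utf8, parse_hex4 and put_utf8 are assumptions, not names from the project.

```c
#include <stddef.h>
/* Parse exactly four ASCII hex digits; return the value or -1 if any digit is malformed. */
static int parse_hex4(const char *p) {
    int v = 0;
    for (int i = 0; i < 4; i++) {
        int c = p[i];
        int d = (c >= '0' && c <= '9') ? c - '0' : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (d < 0) return -1;
        v = (v << 4) | d;
    }
    return v;
}
/* Encode cp as UTF-8 into out; refuse (return -1) rather than write past out_cap bytes. */
static int put_utf8(unsigned cp, char *out, size_t out_cap) {
    int n = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
    if ((size_t)n > out_cap) return -1;           /* bounds check before every write */
    for (int i = n - 1; i > 0; i--) { out[i] = (char)(0x80 | (cp & 0x3F)); cp >>= 6; }
    out[0] = (char)(n == 1 ? cp : (((0xF00 >> n) & 0xFF) | cp)); /* 0xxxxxxx / 110x / 1110 / 11110 */
    return n;
}
/* Decode JSON \uXXXX escapes (BMP and UTF-16 surrogate pairs) from a string body into UTF-8.
 * Returns bytes written (excluding NUL) or -1 on a malformed escape, a lone surrogate, or when
 * the expansion would not fit in out_cap. Hypothetical API (not the PR's code): `in` is the
 * unquoted body; only \u is interpreted here, every other byte is copied through unchanged. */
int json_unescape_utf8(const char *in, size_t in_len, char *out, size_t out_cap) {
    size_t i = 0, o = 0;
    if (out_cap == 0) return -1;
    while (i < in_len) {
        if (in[i] != '\\' || i + 1 >= in_len || in[i + 1] != 'u') {
            if (o + 1 >= out_cap) return -1;      /* keep one byte for the terminator */
            out[o++] = in[i++];
            continue;
        }
        if (i + 6 > in_len) return -1;            /* truncated \uXXXX */
        int cp = parse_hex4(in + i + 2); i += 6;
        if (cp < 0 || (cp >= 0xDC00 && cp <= 0xDFFF)) return -1; /* bad hex or lone low surrogate */
        if (cp >= 0xD800 && cp <= 0xDBFF) {       /* high surrogate must be followed by a low one */
            if (i + 6 > in_len || in[i] != '\\' || in[i + 1] != 'u') return -1;
            int lo = parse_hex4(in + i + 2); i += 6;
            if (lo < 0xDC00 || lo > 0xDFFF) return -1;
            cp = 0x10000 + ((cp - 0xD800) << 10) + (lo - 0xDC00);
        }
        int n = put_utf8((unsigned)cp, out + o, out_cap - o - 1);
        if (n < 0) return -1;                     /* expansion would overflow: fail, never spill */
        o += (size_t)n;
    }
    out[o] = '\0';
    return (int)o;
}
```

The point the fix turns on is visible in the last branch: a six-byte escape sequence can expand to four bytes of UTF-8, so the output bound must be checked against the expanded size, not the escaped input length.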

IceBBBBB and others added 2 commits December 24, 2024 11:05
Signed-off-by: 冰冰冰 <418776654@qq.com>

---------

Signed-off-by: 冰冰冰 <418776654@qq.com>
Signed-off-by: @wanghui187 <348582973@qq.com>
Co-authored-by: @wanghui187 <348582973@qq.com>