Fix #105, double free when parse_string fails

This fixes a double free that happens when calling cJSON_Delete on an
item that has been used by parse_string and it failed parsing the
string.

The double free happens because parse_string frees an alias of
item->valuestring, but doesn't set item->valuestring to NULL.
Max Bruckner, 8 years ago
parent commit 94117a5d23
1 changed file with 2 additions and 1 deletion: cJSON.c

+ 2 - 1
cJSON.c

@@ -468,7 +468,6 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
     {
         goto fail;
     }
-    item->valuestring = (char*)out; /* assign here so out will be deleted during cJSON_Delete() later */
     item->type = cJSON_String;
 
     ptr = str + 1;
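Review bot: with the early `item->valuestring = (char*)out;` assignment removed, `out` is no longer reachable from the item on the `goto fail` path, so the buffer now has to be released by the function's own `fail:` handling or it leaks; the hunk does not show that handler, so please confirm it frees `out` itself. The removed line's comment ("assign here so out will be deleted during cJSON_Delete() later") was the only place the old ownership rule was documented; replace it with a comment at the new assignment site stating that the item owns `out` only once parsing has succeeded.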
@@ -608,6 +607,8 @@ static const unsigned char *parse_string(cJSON *item, const unsigned char *str,
         ptr++;
     }
 
+    item->valuestring = (char*)out;
+
     return ptr;
 
 fail:
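Review bot: the new `item->valuestring = (char*)out;` carries no comment, although its placement (after the escape loop, immediately before `return ptr`, and before the `fail:` label) is the whole fix; add one line above it, e.g. `/* transfer ownership of out to the item only on success, so the fail path and cJSON_Delete() never both free it */`. As written nothing sits between the assignment and `return ptr`, so no path can jump to `fail:` after ownership has moved; any later edit that inserts a check there would reintroduce the double free, which is another reason to state the rule in a comment.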