Skip to content

test: add boundary coverage for cJSON_ParseWithLengthOpts#1043

Draft
xuh0923 wants to merge 236 commits into
DaveGamble:developfrom
xuh0923:test-parse-with-length-opts-boundaries
Draft

test: add boundary coverage for cJSON_ParseWithLengthOpts#1043
xuh0923 wants to merge 236 commits into
DaveGamble:developfrom
xuh0923:test-parse-with-length-opts-boundaries

Conversation

@xuh0923

@xuh0923 xuh0923 commented Jun 27, 2026

Copy link
Copy Markdown

Issue
cJSON_ParseWithLengthOpts is the boundary-oriented parsing API, but its dedicated coverage was missing several key edge cases.

That left behavior around zero-length buffers, exact-length non-null-terminated input, and required null termination largely implied by implementation instead of being directly asserted by tests.

Changes

  • add a zero-length buffer test for cJSON_ParseWithLengthOpts
  • add coverage for parsing exact-length input that is not null terminated
  • add coverage for rejecting trailing data when require_null_terminated is enabled

Verification

  • build and run tests/parse_with_opts.c with gcc -Wall -Wextra -Werror -std=c89
  • run parse_examples from tests/ to confirm existing length-based parsing examples still pass

zhindes and others added 30 commits August 29, 2018 16:25
Support default __stdcall calling convention (/Gz) on Windows
9ecd703 Merge pull request DaveGamble#39 from mr-mixas/test-absent-from-location-for-copy-and-move-ops
66817e7 test absent 'from' location for copy and move
09dee56 Fix anonymous test
8bae8ed Fix « test should pass - no error » test
855f2a4 Fix « test should pass despite (nested) rearrangement » test
53283fc Fix « test should pass despite rearrangement » test
ecf01e7 Fix « null value should be valid obj property » test
1586cdf Fix « Empty-string element » test

git-subtree-dir: tests/json-patch-tests
git-subtree-split: 9ecd703c08cda4864cd2d2fb580a513ec5740934
…zer_warnings

Fix most of the issues reported by the Visual Studio code analysis tool
fix bug: sort_list() returns strange results
Since `prev` is not used anymore after that by the algorithm it should
have been fine anyways, still splitting it correctly in the first place
is probably a good idea.
Thanks @andysCaplin for the fix!
Also first tests for cJSON_Minify.
Thanks @bigric3 for reporting
Alanscut and others added 30 commits April 29, 2024 10:01
Add some tests for setting NULL to deallocated pointers
releated to DaveGamble#842 and DaveGamble#833
Signed-off-by: DL6ER <dl6er@dl6er.de>
Allocate memory for the temporary buffer when paring numbers.
This fixes CVE-2023-26819
The README stated that CMake 2.8.5+ was required, but CMakeLists.txt
requires CMake 3.5+. This inconsistency caused confusion for users
with CMake versions between 2.8.5 and 3.5.

Also updated library_config/uninstall.cmake to match for consistency.

Fixes DaveGamble#988
…amble#991)

Add NULL check at the beginning of cJSON_SetNumberHelper to prevent
segmentation fault when called with NULL object pointer. The function
now returns NAN (Not-a-Number) when object is NULL, consistent with
error handling patterns in other cJSON functions.

This fixes a Denial of Service vulnerability (CWE-476) where an
attacker could crash applications using the cJSON library by
triggering this function with a NULL pointer.

Changes:
- cJSON.c: Add NULL check in cJSON_SetNumberHelper
- tests/misc_tests.c: Add test case and math.h include

Security: Fixes NULL pointer dereference vulnerability
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.