Showing content from https://github.com/DaveGamble/cJSON/issues/105 below:

Security issue - double free in parse_object · Issue #105 · DaveGamble/cJSON · GitHub

Hi, during a fuzzing session using PyJFuzz, I found that it is possible to trigger a double free condition when the parse_object function is called; the double free happened inside parse_string. Below is a screenshot.

Below is the testcase I used to crash cJSON:

[{"FsrKY7": {"xsatsIjrY": {"f4UOmTp": -59.634942997}, "qf6t2w7f0": {}, "vwY7wMW": {"mcyrBl": "X1tjR5d", "m\FsFF20": "UzbJl"}}, "FGRF1wI": {"R6KZm": 127, "jC8utX": null}, "6nrvXK9sk": {"Gj7zP": {}}}, {"V5GD8GR": -19.5946741823, "bYsh2vyhp": -24.3975015443}{"V5GD8GR": -19.5946741823, "bYsh2vyhp": 24.3975015443}, ]

and the output

I didn't investigate further, so please let me know what you think.

Best regards,
Daniele

