summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2022-01-28 22:11:00 +0100
committerGravatar Nikias Bassen2022-01-28 22:12:09 +0100
commit088cdab964e6cd88b7f15f36eb3e08d38189cd21 (patch)
treec34ccf3bbd7db715dabf76adccb8decda5f502a4 /src
parent6ef1c269792ece2842f65b4b6966ebac3b21a8e3 (diff)
downloadlibplist-088cdab964e6cd88b7f15f36eb3e08d38189cd21.tar.gz
libplist-088cdab964e6cd88b7f15f36eb3e08d38189cd21.tar.bz2
jplist: Fix NULL pointer dereference by handling errors from unescape_string correctly
Credit to OSS-Fuzz
Diffstat (limited to 'src')
-rw-r--r--src/jplist.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/jplist.c b/src/jplist.c
index ace4bff..c149d20 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -549,6 +549,9 @@ static plist_t parse_string(const char* js, jsmntok_t* tokens, int* index)
size_t str_len = 0; ;
char* strval = unescape_string(js + tokens[*index].start, tokens[*index].end - tokens[*index].start, &str_len);
+ if (!strval) {
+ return NULL;
+ }
plist_t node;
plist_data_t data = plist_new_plist_data();
@@ -612,6 +615,9 @@ static plist_t parse_object(const char* js, jsmntok_t* tokens, int* index)
for (num = 0; num < num_tokens; num++) {
if (tokens[j].type == JSMN_STRING) {
char* key = unescape_string(js + tokens[j].start, tokens[j].end - tokens[j].start, NULL);
+ if (!key) {
+ return NULL;
+ }
plist_t val = NULL;
j++;
num++;