Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2022-02-07 | Update .gitignore | Nikias Bassen | 1 | -0/+3 | |
2022-02-07 | test: Add int64 min/max testcase for JSON parser | Nikias Bassen | 3 | -2/+24 | |
2022-02-07 | xplist: Prevent undefined behavior by not trying to negate INT64_MIN | Nikias Bassen | 1 | -1/+1 | |
2022-02-07 | jplist: Prevent integer overflow when parsing numerical values | Nikias Bassen | 1 | -6/+29 | |
Credit to OSS-Fuzz | |||||
2022-02-05 | configure: Generate usable version via git-version-gen when ran in shallow clone | Nikias Bassen | 1 | -1/+5 | |
2022-02-03 | jplist: Fix OOB read by making sure number of children is even | Nikias Bassen | 2 | -2/+7 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | configure: Prevent wrong version string generation (e.g. when doing a ↵ | Nikias Bassen | 1 | -1/+1 | |
shallow checkout from git) | |||||
2022-02-02 | jplist: Fix memory leak on parse error | Nikias Bassen | 2 | -0/+3 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | jplist: Improve numerical value parsing without copying data to stack buffer | Nikias Bassen | 1 | -18/+62 | |
Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes. | |||||
2022-01-31 | jplist: Fix memory leak that occurs when JSON parsing fails | Nikias Bassen | 2 | -0/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-31 | plistutil: Make sure the input buffer is 0-terminated in all code paths | Nikias Bassen | 1 | -0/+1 | |
2022-01-31 | test: Update JSON test case to have negative numbers | Nikias Bassen | 1 | -1/+1 | |
2022-01-31 | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 1 | -2/+8 | |
In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz | |||||
2022-01-31 | fuzz: Add another JSON test case from OSS-Fuzz | Nikias Bassen | 1 | -0/+1 | |
2022-01-31 | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 1 | -31/+48 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | fuzz: Add JSON crash/leak test cases from OSS-Fuzz | Nikias Bassen | 3 | -0/+3 | |
2022-01-28 | jplist: Fix a few memory leaks that occur when parsing fails | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix NULL pointer dereference by handling errors from unescape_string ↵ | Nikias Bassen | 1 | -0/+6 | |
correctly Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix use-after-free in unescape_string | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-26 | [github-actions] Also checkout all tags for codeql | Nikias Bassen | 1 | -1/+1 | |
2022-01-26 | [github-actions] Make sure to fetch all tags on checkout | Nikias Bassen | 1 | -0/+6 | |
2022-01-25 | jplist: Make sure the jsmn parser tokens are initialized properly | Nikias Bassen | 1 | -3/+6 | |
2022-01-25 | test: Rename json test files to .json | Nikias Bassen | 5 | -3/+4 | |
2022-01-25 | configure: Fix clang detection when configuring --with-fuzzers | Nikias Bassen | 1 | -2/+7 | |
2022-01-25 | fuzz: Add fuzzer for JSON format | Nikias Bassen | 6 | -4/+110 | |
2022-01-25 | autoconf: Automatically derive version number from latest git tag | Nikias Bassen | 3 | -2/+26 | |
2022-01-25 | test: Add additional JSON test case | Nikias Bassen | 4 | -7/+28 | |
2022-01-25 | jplist: Make sure key values are also unescaped | Nikias Bassen | 1 | -12/+19 | |
2021-12-24 | json: Update parser (jsmn) to verify the length of the input data | Nikias Bassen | 3 | -7/+17 | |
This way the string doesn't have to be 0-terminated. | |||||
2021-12-23 | test: Work around JSON parser limitation expecting to have a 0-terminated ↵ | Nikias Bassen | 1 | -0/+3 | |
string as input | |||||
2021-12-23 | test: Update json test case to not rely on --enable-debug | Nikias Bassen | 1 | -9/+6 | |
2021-12-23 | plistutil: Check return values from plist API to print proper error messages | Nikias Bassen | 1 | -14/+35 | |
and return a meaningful exit code. | |||||
2021-12-23 | jplist: Make strndup argument const to silence compiler warning | Nikias Bassen | 1 | -1/+1 | |
2021-12-23 | [github-actions] Fix test suite failing due to missing debug output | Nikias Bassen | 1 | -3/+3 | |
2021-12-23 | jplist: Fix build on Windows | Nikias Bassen | 1 | -0/+12 | |
2021-12-23 | Add support for JSON format | Nikias Bassen | 20 | -66/+1403 | |
2021-12-23 | test: Add PLIST_UID test case | Nikias Bassen | 4 | -3/+155 | |
2021-12-23 | xplist: Add special handling for PLIST_UID parsing from XML | Nikias Bassen | 1 | -5/+14 | |
In XML, PLIST_UID nodes are stored as a dict with a "CF$UID" key and an integer value, so we want to make it a real PLIST_UID node internally. | |||||
2021-12-22 | Add a return value to plist_to_* and plist_from_* functions | Nikias Bassen | 4 | -43/+120 | |
This way it can be easier determined why an import/export operation failed instead of just having a NULL result. | |||||
2021-12-19 | Add support for PLIST_NULL type | Nikias Bassen | 4 | -15/+60 | |
2021-12-19 | Fix 'make docs' target deleting the whole docs subdir | Nikias Bassen | 1 | -1/+1 | |
2021-12-19 | Add new plist_mem_free() function | Nikias Bassen | 4 | -24/+28 | |
Thanks to @azerg for bringing this to my attention. Instead of having multiple (internally identical) plist_*_free() functions, this commit introduces a single plist_mem_free() that can be used to free the memory allocated by plist_to_xml(), plist_to_bin(), plist_get_key_val(), plist_get_string_val(), and plist_get_data_val(). Note: This commit REMOVES plist_to_bin_free() and plist_to_xml_free(). | |||||
2021-11-08 | xplist: Better size estimation for PLIST_REAL nodes | Nikias Bassen | 1 | -2/+2 | |
2021-09-21 | [github-actions] Add an explicit apt-get update before attempting to install ↵ | Nikias Bassen | 1 | -0/+1 | |
packages on ubuntu | |||||
2021-09-17 | [github-actions] Remove git checkout HEAD^2 step for CodeQL | Nikias Bassen | 1 | -5/+0 | |
2021-09-13 | Check availability of constructor attribute and use it on Windows in favor ↵ | Nikias Bassen | 2 | -20/+45 | |
of DllMain | |||||
2021-09-11 | windows: Make thread_once static and remove const qualifiers from ↵ | Nikias Bassen | 1 | -3/+3 | |
thread_once_t globals | |||||
2021-09-11 | Update deprecated autoconf macros and update m4 files | Nikias Bassen | 4 | -127/+172 | |
2021-07-13 | cpp: Array: Make sure the array passed to array_fill ist passed by reference | liujianfengv | 1 | -1/+1 | |
When creating a new Array object, for example through PList::Node::FromPlist(plist_t node), the array_fill function is called from Array() constructor in line 51. It seems that the intended way of calling array_fill() is to pass the _array object by reference, however it is actually passed by value. Thus the changes to the array object made by array_fill() are discarded when the function returns. This commit passes the _array by reference so we keep the changes. | |||||
2021-06-30 | README: Fix typo | Nikias Bassen | 1 | -1/+1 | |