summaryrefslogtreecommitdiffstats
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2022-11-02jplist: Prevent multiplication overflow by casting to larger typeGravatar Nikias Bassen1-2/+2
Found by CodeQL
2022-09-05jplist: Fix warning with `-Wbad-function-cast`Gravatar Nikias Bassen1-2/+2
2022-09-05Fix up warning with `-Wbad-function-cast`Gravatar Dave MacLachlan1-1/+4
2022-09-05Get rid of casting a ptr to a 32 bit valueGravatar Dave MacLachlan1-2/+2
This causes a warning if `-Wbad-function-cast` is enabled on a build.
2022-08-24bplist: Fix strict aliasing violationsGravatar Matthew Smith1-3/+9
Casting a float pointer to an int pointer is a strict aliasing violation (-Wstrict-aliasing) and is undefined behaviour (although, it did not seem to cause any real issues). An optimising compiler should elide the memcopies added by this commit.
2022-04-06jplist: Escape characters [0x00..0x1F] when converting to JSONGravatar Nikias Bassen1-5/+12
2022-04-06Skip whitespace to properly detect format in plist_from_memory()Gravatar Nikias Bassen1-3/+8
2022-02-15jplist: Fix another OOB read by using correct bounds checkGravatar Nikias Bassen1-1/+1
Credit to OSS-Fuzz
2022-02-11jplist: Fix OOB read by using correct bounds checkGravatar Nikias Bassen1-1/+1
Credit to OSS-Fuzz
2022-02-08jplist: Prevent read of uninitialized value by checking the bounds beforehandGravatar Nikias Bassen1-2/+2
Credit to OSS-Fuzz
2022-02-07xplist: Prevent undefined behavior by not trying to negate INT64_MINGravatar Nikias Bassen1-1/+1
2022-02-07jplist: Prevent integer overflow when parsing numerical valuesGravatar Nikias Bassen1-6/+29
Credit to OSS-Fuzz
2022-02-03jplist: Fix OOB read by making sure number of children is evenGravatar Nikias Bassen1-2/+6
Credit to OSS-Fuzz
2022-02-02jplist: Fix memory leak on parse errorGravatar Nikias Bassen1-0/+2
Credit to OSS-Fuzz
2022-02-02jplist: Improve numerical value parsing without copying data to stack bufferGravatar Nikias Bassen1-18/+62
Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes.
2022-01-31jplist: Fix memory leak that occurs when JSON parsing failsGravatar Nikias Bassen1-0/+1
Credit to OSS-Fuzz
2022-01-31jplist: Fix OOB read in parse_primitive caused by missing 0-terminationGravatar Nikias Bassen1-2/+8
In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz
2022-01-31jplist: Fix OOB read by making sure the JSMN token index is in valid rangeGravatar Nikias Bassen1-31/+48
Credit to OSS-Fuzz
2022-01-28jplist: Fix a few memory leaks that occur when parsing failsGravatar Nikias Bassen1-0/+5
Credit to OSS-Fuzz
2022-01-28jplist: Fix NULL pointer dereference by handling errors from unescape_string ↵Gravatar Nikias Bassen1-0/+6
correctly Credit to OSS-Fuzz
2022-01-28jplist: Fix use-after-free in unescape_stringGravatar Nikias Bassen1-2/+2
Credit to OSS-Fuzz
2022-01-25jplist: Make sure the jsmn parser tokens are initialized properlyGravatar Nikias Bassen1-3/+6
2022-01-25jplist: Make sure key values are also unescapedGravatar Nikias Bassen1-12/+19
2021-12-24json: Update parser (jsmn) to verify the length of the input dataGravatar Nikias Bassen3-7/+17
This way the string doesn't have to be 0-terminated.
2021-12-23jplist: Make strndup argument const to silence compiler warningGravatar Nikias Bassen1-1/+1
2021-12-23jplist: Fix build on WindowsGravatar Nikias Bassen1-0/+12
2021-12-23Add support for JSON formatGravatar Nikias Bassen5-0/+1074
2021-12-23xplist: Add special handling for PLIST_UID parsing from XMLGravatar Nikias Bassen1-5/+14
In XML, PLIST_UID nodes are stored as a dict with a "CF$UID" key and an integer value, so we want to make it a real PLIST_UID node internally.
2021-12-22Add a return value to plist_to_* and plist_from_* functionsGravatar Nikias Bassen3-38/+101
This way it can be easier determined why an import/export operation failed instead of just having a NULL result.
2021-12-19Add support for PLIST_NULL typeGravatar Nikias Bassen3-5/+40
2021-12-19Add new plist_mem_free() functionGravatar Nikias Bassen3-10/+8
Thanks to @azerg for bringing this to my attention. Instead of having multiple (internally identical) plist_*_free() functions, this commit introduces a single plist_mem_free() that can be used to free the memory allocated by plist_to_xml(), plist_to_bin(), plist_get_key_val(), plist_get_string_val(), and plist_get_data_val(). Note: This commit REMOVES plist_to_bin_free() and plist_to_xml_free().
2021-11-08xplist: Better size estimation for PLIST_REAL nodesGravatar Nikias Bassen1-2/+2
2021-09-13Check availability of constructor attribute and use it on Windows in favor ↵Gravatar Nikias Bassen1-16/+23
of DllMain
2021-09-11windows: Make thread_once static and remove const qualifiers from ↵Gravatar Nikias Bassen1-3/+3
thread_once_t globals
2021-07-13cpp: Array: Make sure the array passed to array_fill ist passed by referenceGravatar liujianfengv1-1/+1
When creating a new Array object, for example through PList::Node::FromPlist(plist_t node), the array_fill function is called from Array() constructor in line 51. It seems that the intended way of calling array_fill() is to pass the _array object by reference, however it is actually passed by value. Thus the changes to the array object made by array_fill() are discarded when the function returns. This commit passes the _array by reference so we keep the changes.
2021-06-22[clang-tidy] Remove casts to the same typeGravatar Rosen Penev2-2/+2
Found with google-readability-casting Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] cpp: Replace free with deleteGravatar Rosen Penev5-19/+9
It's the C++ way. It also avoids having to check for NULL. Found with cppcoreguidelines-owning-memory Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] Fix bad widening castsGravatar Rosen Penev1-2/+2
Found with bugprone-misplaced-widening-cast Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] cpp: Use correct type for loop variableGravatar Rosen Penev1-4/+2
Found with bugprone-too-small-loop-variable Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] cpp: Turn reference operators to constGravatar Rosen Penev10-10/+10
Found with cppcoreguidelines-c-copy-assignment-signature Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] Avoid global non-const variablesGravatar Rosen Penev2-4/+4
Found with cppcoreguidelines-avoid-non-const-global-variables Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-06-22[clang-tidy] Remove pointless constGravatar Rosen Penev2-2/+2
The const is actually misplaced. const plist_t evaluates to void *const instead of const void *. const qualification of the former makes no sense in function declarations. Found with misc-misplaced-const Signed-off-by: Rosen Penev <rosenp@gmail.com>
2021-01-25Replace malloc + memset with calloc where appropriateGravatar Rosen Penev1-2/+1
calloc is faster for big allocations. It's also simpler. Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24time64: Remove code duplication in separate if branches by combining the ↵Gravatar Rosen Penev1-6/+1
conditions [clang-tidy] Found with bugprone-branch-clone Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24Add parentheses to macros for better readabilityGravatar Rosen Penev2-15/+15
[clang-tidy] Found with bugprone-macro-parentheses Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24Improve code readability by using explicit != 0 compare when using strncmpGravatar Rosen Penev1-4/+4
[clang-tidy] Found with bugprone-suspicious-string-compare Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-24Improve code readability by not using else after returnGravatar Rosen Penev2-54/+50
[clang-tidy] Found with readability-else-after-return Signed-off-by: Rosen Penev <rosenp@gmail.com>
2020-11-21bplist: Fix offset table range check, don't rely on pointer overflowGravatar Nikias Bassen1-1/+1
2020-06-14Add API version to library and pkgconfig file for proper linkingGravatar Nikias Bassen3-12/+12
2020-06-09Unfold automake variables into multiple lines for maintainabilityGravatar Martin Szulecki1-36/+47