Opened at 2015-06-17T18:20:41Z
Closed at 2015-06-17T22:52:27Z
#1220 closed defect (fixed)
NULL pointer derefence in lib/json.c
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | BitlBee | Version: | 3.4 |
| Keywords: | Cc: | ||
| IRC client+version: | Client-independent | Operating System: | Linux |
| OS version/distro: |
Description
I've been impacted by a NULL dereference in lib/json.c while writing a bitlbee plugin. The bug seems to be fixed upstream.
https://github.com/udp/json-parser/commit/dec8f04414d2b4a754b2309147665ef341c5f90b
Please update the json library !
Program received signal SIGSEGV, Segmentation fault.
0x0000555555586f77 in json_parse_ex (settings=0x7fffffffcdf0, json=0x7fffffffce30 "]\n", length=2, error_buf=0x0) at json.c:511
511 if (top->type == json_array) {
Attachments (0)
Change History (3)
comment:1 follow-up: 2 Changed at 2015-06-17T18:24:07Z by
comment:2 Changed at 2015-06-17T19:10:34Z by
Replying to wilmer:
Actually, could you switch to the parson branch? We've dropped that json library.. This means you'll need to rewrite bits of your plugin I'm afraid, but IME it's not *that* much work fortunately!
Well, I will switch to the parson branch for my development.
Could that patch be imported for the next 3.4.x release ? It could impacts existing code while processing a malformed JSON string.
comment:3 Changed at 2015-06-17T22:52:27Z by
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Done in master. I hope the next release will be with parson but we'll see. Thanks for the report and sorry for the porting troubles! Advantage of parson will be that it lets you parse *and* generate JSON, which you may or may not need. Otherwise I think the two are of similar quality.
Actually, could you switch to the parson branch? We've dropped that json library.. This means you'll need to rewrite bits of your plugin I'm afraid, but IME it's not *that* much work fortunately!