kbumsik / emjson Goto Github PK

I came across your library today, and after some poking around I discovered an input that causes the parser to deference a null pointer: {"":{. Complete example program:

#include "emJSON.h"
int main(void)
{
    char buf[] = "{\"\":{";
    json_t test = emJSON_init();
    json_parse(&test, buf);
}

After fixing, fuzzing may reveal additional crashing inputs. Other issues I noticed:

• Compilation requires -DDEBUG due to an incorrectly-placed #endif
• Unaligned memory accesses (to observe, compile and run with UBSan, -fsanitize=undefined)
• Invalid signed shifts (to observe, compile and run with UBSan, -fsanitize=undefined)
• Pointer arithmetic on void *, a GNU extension and not valid C99 (to observe, compile with -pedantic -std=c99)
• Variadic macros that depend on a GNU extension, not valid in C99 (to observe, compile with -pedantic -std=c99)

I only point out the last two since the README says "written in C99."

STM32F401RE NUCLEO gets hardfault when getting floating point, as #1 mentioned.

I should figure out why.

🚧 In progress.

Adding object type.

• adding it in json.h : Done in PR #3
• adding it in emJSON.h
• adding parser for object type : Done in PR #5
• handling buffer inside/outside of parent buffer

Adding null type (needed for adding object type)

• adding it in json.h : Done in PR #3, #5
• Serialize : Done in PR #5
• adding it in emJSON.h
• adding parser for null type
• Proper handling

Others

• Delete content size
• Optimize
• Automatic adjusting size
• Compile option for architecture not supporting unaligned access (such as ARM by default)