Merge pull request #608 from besser82/topic/besser82/json-c-0.14/CVE-2020-12762json-c-0.14

json-c-0.14: Fix CVE-2020-12762 - json-c through 0.14 has an integer overflow and out-of-bounds write ...

1 files changed, 29 insertions, 0 deletions

diff --git a/tests/test4.c b/tests/test4.c
index bd964ec..288cec1 100644
--- a/tests/test4.c
+++ b/tests/test4.c
@@ -3,12 +3,15 @@
  */
 
 #include "config.h"
+#include <assert.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 
 #include "json_inttypes.h"
 #include "json_object.h"
 #include "json_tokener.h"
+#include "snprintf_compat.h"
 
 void print_hex(const char *s)
 {
@@ -24,6 +27,29 @@ void print_hex(const char *s)
 	putchar('\n');
 }
 
+static void test_lot_of_adds(void);
+static void test_lot_of_adds()
+{
+	int ii;
+	char key[50];
+	json_object *jobj = json_object_new_object();
+	assert(jobj != NULL);
+	for (ii = 0; ii < 500; ii++)
+	{
+		snprintf(key, sizeof(key), "k%d", ii);
+		json_object *iobj = json_object_new_int(ii);
+		assert(iobj != NULL);
+		if (json_object_object_add(jobj, key, iobj))
+		{
+			fprintf(stderr, "FAILED to add object #%d\n", ii);
+			abort();
+		}
+	}
+	printf("%s\n", json_object_to_json_string(jobj));
+	assert(json_object_object_length(jobj) == 500);
+	json_object_put(jobj);
+}
+
 int main(void)
 {
 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
@@ -52,5 +78,8 @@ int main(void)
 		retval = 1;
 	}
 	json_object_put(parse_result);
+
+	test_lot_of_adds();
+
 	return retval;
 }