fix: fix NULL valuestring error

Fix NULL valuestring problem in cJSON_SetValuestring. This fixes DaveGamble#839 and CVE-2024-31755 Related issue DaveGamble#845
Alanscut · Apr 28, 2024 · a193d24 · a193d24
1 parent f8b407e
commit a193d24
Showing 1 changed file with 7 additions and 1 deletion.
diff --git a/cJSON.c b/cJSON.c
@@ -406,10 +406,16 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
         return NULL;
     }
     /* return NULL if the object is corrupted */
-    if (object->valuestring == NULL || valuestring == NULL)
+    if (object->valuestring == NULL)
     {
         return NULL;
     }
+    /* NULL valuestring causes error with strlen and should be treated separately */
+    if (valuestring == NULL)
+    {
+        object->valuestring = NULL;
+        return NULL;
+    }
     if (strlen(valuestring) <= strlen(object->valuestring))
     {
         strcpy(object->valuestring, valuestring);