From 58077638913b9622ce506500512960c969b00fee Mon Sep 17 00:00:00 2001
From: Alanscut <wp_scut@163.com>
Date: Sun, 28 Apr 2024 10:26:02 +0800
Subject: [PATCH] fix: fix NULL valuestring error

Fix NULL valuestring problem in cJSON_SetValuestring.
This fixes #839 and CVE-2024-31755
Related issue #845
---
 cJSON.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/cJSON.c b/cJSON.c
index 8903e4c2..8b028ac1 100644
--- a/cJSON.c
+++ b/cJSON.c
@@ -406,10 +406,16 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
         return NULL;
     }
     /* return NULL if the object is corrupted */
-    if (object->valuestring == NULL || valuestring == NULL)
+    if (object->valuestring == NULL)
     {
         return NULL;
     }
+    /* NULL valuestring causes error with strlen and should be treated separately */
+    if (valuestring == NULL)
+    {
+        object->valuestring = NULL;
+        return NULL;
+    }
     if (strlen(valuestring) <= strlen(object->valuestring))
     {
         strcpy(object->valuestring, valuestring);