Merge pull request #611 from besser82/topic/besser82/json-c-0.12/CVE-2020-12762json-c-0.12

json-c-0.12.x: Fix CVE-2020-12762 - json-c through 0.14 has an integer overflow and out-of-bounds write ...

1 files changed, 30 insertions, 1 deletions

diff --git a/tests/test4.c b/tests/test4.c
index 23e97da..8b05848 100644
--- a/tests/test4.c
+++ b/tests/test4.c
@@ -2,9 +2,11 @@
  * gcc -o utf8 utf8.c -I/home/y/include -L./.libs -ljson
  */
 
+#include "config.h"
+#include <assert.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
-#include "config.h"
 
 #include "json_inttypes.h"
 #include "json_object.h"
@@ -24,6 +26,30 @@ void print_hex( const char* s)
 	printf("\n");
 }
 
+static void test_lot_of_adds(void);
+static void test_lot_of_adds()
+{
+	int ii;
+	char key[50];
+	json_object *jobj = json_object_new_object();
+	assert(jobj != NULL);
+	for (ii = 0; ii < 500; ii++)
+	{
+		snprintf(key, sizeof(key), "k%d", ii);
+		json_object *iobj = json_object_new_int(ii);
+		assert(iobj != NULL);
+		json_object_object_add(jobj, key, iobj);
+		if (json_object_object_get_ex(jobj, key, &iobj) == FALSE)
+		{
+			fprintf(stderr, "FAILED to add object #%d\n", ii);
+			abort();
+		}
+	}
+	printf("%s\n", json_object_to_json_string(jobj));
+	assert(json_object_object_length(jobj) == 500);
+	json_object_put(jobj);
+}
+
 int main()
 {
 	const char *input = "\"\\ud840\\udd26,\\ud840\\udd27,\\ud800\\udd26,\\ud800\\udd27\"";
@@ -49,5 +75,8 @@ int main()
 		retval = 1;
 	}
 	json_object_put(parse_result);
+
+	test_lot_of_adds();
+
 	return retval;
 }