From 73b4f5d3e25d0ecfafd390a880365ffa858f0e73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ole=20Andr=C3=A9=20Vadla=20Ravn=C3=A5s?= Date: Mon, 24 Aug 2020 17:00:50 +0100 Subject: Fix copy behavior for complex types The parent of the reffed children were previously left pointing to the original node. In the best-case scenario this would lead to inconsistent state when walking down a tree and then walking back up again. In the worst-case scenario this would happen when the original node had a shorter life-time than the copy, resulting in use-after-free. A typical scenario where this went wrong was with json_from_string(), which would copy the root node, let go of the last reference to the root node, and then return the copy. The copy would then have dangling `parent` pointers. This probably went unnoticed for most use-cases, but would go terribly wrong if someone used a JsonReader and navigated back up the tree by e.g. calling end_member(). Fixes: #20 Fixes: #32 --- json-glib/tests/node.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'json-glib/tests/node.c') diff --git a/json-glib/tests/node.c b/json-glib/tests/node.c index 80beb78..abab8f0 100644 --- a/json-glib/tests/node.c +++ b/json-glib/tests/node.c @@ -91,7 +91,7 @@ test_copy_object (void) copy = json_node_copy (node); g_assert_cmpint (json_node_get_node_type (node), ==, json_node_get_node_type (copy)); - g_assert (json_node_get_object (node) == json_node_get_object (copy)); + g_assert (json_node_get_object (node) != json_node_get_object (copy)); json_node_free (copy); json_node_free (node); -- cgit v1.2.1
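Review bot: the changed assertion in test_copy_object() only checks that `json_node_get_object (node) != json_node_get_object (copy)`, which does not cover the failure the commit message describes, namely children whose `parent` still points at the original node. A pointer inequality would also pass for a copy that lost its contents, and the test frees `copy` before `node`, so the case where the original has the shorter lifetime is never exercised. Consider adding a member to the object before copying, asserting that the copied member's `json_node_get_parent ()` returns `copy` rather than `node`, and calling `json_node_free (node)` before the last access to `copy`, so that a regression shows up under ASan or valgrind. Since this diff is limited to json-glib/tests/node.c, a regression test that mirrors the json_from_string() plus JsonReader end_member() path named in the message would also be worth having alongside it.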