From efb120b34a4e2cb1ae8362bc17e5bff8c7eed256 Mon Sep 17 00:00:00 2001
From: xjdeng
Date: Thu, 18 Sep 2025 15:05:42 +0800
Subject: [PATCH 1/4] Fix file descriptor leak
---
fuzzing/fuzz_main.c | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/fuzzing/fuzz_main.c b/fuzzing/fuzz_main.c
index 09dc1565..0a3aefcc 100644
--- a/fuzzing/fuzz_main.c
+++ b/fuzzing/fuzz_main.c
@@ -8,7 +8,7 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size); /* required by C89
int main(int argc, char **argv)
{
- FILE *f;
+ FILE *f = NULL;
char *buf = NULL;
long siz_buf;
@@ -25,7 +25,10 @@ int main(int argc, char **argv)
goto err;
}
- fseek(f, 0, SEEK_END);
+ if(fseek(f, 0, SEEK_END) != 0) {
+ fprintf(stderr, "fseek() to end failed\n");
+ goto err;
+ }
siz_buf = ftell(f);
rewind(f);
@@ -49,6 +52,10 @@ int main(int argc, char **argv)
err:
free(buf);
+ if (f != NULL)
+ {
+ fclose(f);
+ }
return 0;
}
From 163482ae94ca7237ed2d0fb13b96e413d04176a5 Mon Sep 17 00:00:00 2001
From: xjdeng
Date: Thu, 18 Sep 2025 16:14:22 +0800
Subject: [PATCH 2/4] Fix potential null pointer dereference & leak
---
test.c | 7 +++++++
tests/json_patch_tests.c | 5 ++++-
2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/test.c b/test.c
index 986fc6eb..356081fa 100644
--- a/test.c
+++ b/test.c
@@ -51,6 +51,10 @@ static int print_preallocated(cJSON *root)
/* formatted print */
out = cJSON_Print(root);
+ if (out == NULL) {
+ printf("Failed to print cJSON object.\n");
+ return -1;
+ }
/* create buffer to succeed */
/* the extra 5 bytes are because of inaccuracies when reserving memory */
@@ -59,6 +63,7 @@ static int print_preallocated(cJSON *root)
if (buf == NULL)
{
printf("Failed to allocate memory.\n");
+ free(out);
exit(1);
}
@@ -68,6 +73,8 @@ static int print_preallocated(cJSON *root)
if (buf_fail == NULL)
{
printf("Failed to allocate memory.\n");
+ free(out);
+ free(buf);
exit(1);
}
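Review bot: The new fseek() check leaves the very next line, `siz_buf = ftell(f);`, unchecked, and ftell() reports failure by returning -1L (it can fail even after a successful fseek(), e.g. when the position does not fit in a long). That negative value then flows on to whatever follows — main continues past the hunk so I cannot see the use, but the name suggests it sizes buf — and rejecting it next to the fseek() test reuses the same goto err cleanup. The C standard also does not promise that SEEK_END is meaningful on a binary stream, so a short comment that this driver only expects regular files would help.
```c
    siz_buf = ftell(f);
    if (siz_buf < 0) {
        fprintf(stderr, "ftell() failed\n");
        goto err;
    }
    rewind(f);
```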
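Review bot: The `err:` label now closes f, but the `return 0;` two lines below still reports success on every failure path that jumps here (fopen(), and now fseek()), so a script running this binary over a corpus cannot tell a missing or unreadable input from a clean run. A status variable keeps the single cleanup path: `int rc = EXIT_FAILURE;` at the top of main, set to `EXIT_SUCCESS` once the fuzz target has run, and `return rc;` here (stdlib.h is already needed for free()); main's body is outside this hunk, so I cannot point at the success point. Brace placement also differs between this hunk (`if (f != NULL)` with the brace on its own line) and the fseek() hunk above (`... != 0) {`); one style per file.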
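Review bot: The new `if (out == NULL) {` puts the brace on the same line, while the `if (buf == NULL)` block eight lines down — and every other hunk in this series — uses brace-on-its-own-line, and the failure convention is now split: this path returns -1 while the two allocation failures below call exit(1), so a caller of print_preallocated() only ever observes one of the three failure modes. Either choice is defensible, but the contract should be written on the function, e.g. `/* Returns -1 if cJSON_Print() fails; allocation failures exit(1) instead of returning. */` — print_preallocated() starts above this hunk, so I cannot see whether it already has a header comment. Printing the error with printf() matches the other messages here, though stderr would keep it out of the test's normal output.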
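Review bot: `free(out); free(buf);` immediately before `exit(1)` has no effect on the process, since exit() reclaims everything, so a later reader will wonder why the frees are there; a comment on the first one, `/* freed only so leak checkers stay quiet on this abort path */`, records the intent. The same free-then-exit sequence now appears on both allocation failures in this function, which is the usual sign that a single cleanup label would read better, but in a test file that is a matter of taste. print_preallocated() continues outside the hunk.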
diff --git a/tests/json_patch_tests.c b/tests/json_patch_tests.c
index 7c3d6aed..0edef546 100644
--- a/tests/json_patch_tests.c
+++ b/tests/json_patch_tests.c
@@ -157,7 +160,10 @@ static cJSON_bool test_generate_test(cJSON *test)
TEST_ASSERT_NOT_NULL_MESSAGE(patch, "Failed to generate patches.");
printed_patch = cJSON_Print(patch);
- printf("%s\n", printed_patch);
+ if (printed_patch)
+ {
+ printf("%s\n", printed_patch);
+ }
free(printed_patch);
/* apply the generated patch */
From 1669e328b7cd887debf0afc74fd45581c2c557da Mon Sep 17 00:00:00 2001
From: xjdeng
Date: Sun, 21 Sep 2025 15:52:34 +0800
Subject: [PATCH 3/4] Fix memory leak in cjson_read_fuzzer
---
fuzzing/cjson_read_fuzzer.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/fuzzing/cjson_read_fuzzer.c b/fuzzing/cjson_read_fuzzer.c
index aa9c7ba7..340181f5 100644
--- a/fuzzing/cjson_read_fuzzer.c
+++ b/fuzzing/cjson_read_fuzzer.c
@@ -57,7 +57,11 @@ int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
if(minify)
{
copied = (unsigned char*)malloc(size);
- if(copied == NULL) return 0;
+ if(copied == NULL)
+ {
+ cJSON_Delete(json);
+ return 0;
+ }
memcpy(copied, data, size);
From b225b005fb6101293d1e18adbf99593ce3d01f7e Mon Sep 17 00:00:00 2001
From: xjdeng
Date: Tue, 23 Sep 2025 17:14:28 +0800
Subject: [PATCH 4/4] Fix potential NULL Pointer Dereference
---
tests/common.h | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/tests/common.h b/tests/common.h
index 4db6bf8c..e3e0b552 100644
--- a/tests/common.h
+++ b/tests/common.h
@@ -27,7 +27,12 @@ void reset(cJSON *item);
void reset(cJSON *item)
{
- if ((item != NULL) && (item->child != NULL))
+ if (item == NULL)
+ {
+ return;
+ }
+
+ if (item->child != NULL)
{
cJSON_Delete(item->child);
}
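Review bot: The new `if (printed_patch)` guard silently skips the print when cJSON_Print() fails, so an out-of-memory or serialisation failure on the generated patch no longer shows up in the test output at all, whereas the same situation for `patch` three lines up is a hard assertion. The consistent treatment, using the macro already on that line, is `TEST_ASSERT_NOT_NULL_MESSAGE(printed_patch, "Failed to print generated patch.");` in place of the guard — it removes the NULL dereference the commit targets and keeps the failure visible instead of letting the test carry on. test_generate_test() continues outside the hunk.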
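Review bot: The reason this early return now needs `cJSON_Delete(json)` is specific to fuzz targets and deserves a one-line comment above the `if(copied == NULL)`, e.g. `/* libFuzzer runs with leak detection on, so every early return must release json */`; without it a later reader may treat a free before `return 0` on a failed malloc as optional and drop it again. I am assuming json is also released on the normal path further down — LLVMFuzzerTestOneInput() continues past the hunk, so I could not confirm that from here.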
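Review bot: The removed condition `(item != NULL) && (item->child != NULL)` already short-circuits on a NULL item, so this hunk removes no dereference; it is a readability refactor into a guard clause, and the commit subject "Fix potential NULL Pointer Dereference" should say so unless the part of reset() beyond the hunk touched item unguarded, which I cannot see from here. The prototype on the hunk-header line carries no documentation; `/* Release item's child subtree; a NULL item is a no-op. */` above `void reset(cJSON *item)` would state the contract this commit is protecting. After `cJSON_Delete(item->child)` the function continues outside the hunk, so whether item->child is cleared afterwards is not visible in this view.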