Age | Commit message | Author | Files | Lines
2023-01-08 | fuzz: Add some more JSON test case from OSS-Fuzz | Nikias Bassen | 3 | -0/+66
2023-01-08 | JSON: Only allow to convert PLIST_DICT or PLIST_ARRAY node to JSON | Nikias Bassen | 1 | -0/+8
2022-11-20 | [github-actions] Add CIFuzz integration | David Korczynski | 1 | -0/+26
    Signed-off-by: David Korczynski <david@adalogics.com>
2022-11-02 | [github-actions] CodeQL: No need for scheduled run since it runs on every push | Nikias Bassen | 1 | -2/+0
2022-11-02 | jplist: Prevent multiplication overflow by casting to larger type | Nikias Bassen | 1 | -2/+2
    Found by CodeQL
2022-09-05 | cython: Fix 2 warnings with `-Wbad-function-cast` | Nikias Bassen | 1 | -2/+4
2022-09-05 | jplist: Fix warning with `-Wbad-function-cast` | Nikias Bassen | 1 | -2/+2
2022-09-05 | Fix up warning with `-Wbad-function-cast` | Dave MacLachlan | 1 | -1/+4
2022-09-05 | Get rid of casting a ptr to a 32 bit value | Dave MacLachlan | 1 | -2/+2
    This causes a warning if `-Wbad-function-cast` is enabled on a build.
2022-09-05 | [github-actions] Update CodeQL to v2 | Nikias Bassen | 1 | -3/+3
2022-09-05 | Allow using libplist as a submodule | Nikias Bassen | 1 | -1/+1
2022-08-24 | bplist: Fix strict aliasing violations | Matthew Smith | 1 | -3/+9
    Casting a float pointer to an int pointer is a strict aliasing violation (-Wstrict-aliasing) and is undefined behaviour (although, it did not seem to cause any real issues). An optimising compiler should elide the memcopies added by this commit.
2022-08-24 | [github-actions] Add a scheduled build every 1st of the month so we always have an artifact | Nikias Bassen | 1 | -1/+4
2022-04-06 | jplist: Escape characters [0x00..0x1F] when converting to JSON | Nikias Bassen | 1 | -5/+12
2022-04-06 | Skip whitespace to properly detect format in plist_from_memory() | Nikias Bassen | 1 | -3/+8
2022-02-15 | jplist: Fix another OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1
    Credit to OSS-Fuzz
2022-02-14 | [github-actions] Use windows-2019 instead of windows-latest for now | Nikias Bassen | 1 | -1/+1
    Build is failing because of some python mess
2022-02-11 | jplist: Fix OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1
    Credit to OSS-Fuzz
2022-02-10 | [github-actions] Windows: Prevent -dirty suffix in version string by disabling CRLF conversion | Nikias Bassen | 2 | -0/+2
2022-02-08 | jplist: Prevent read of uninitialized value by checking the bounds beforehand | Nikias Bassen | 1 | -2/+2
    Credit to OSS-Fuzz
2022-02-07 | cython: Fix Windows build | Nikias Bassen | 1 | -0/+4
2022-02-07 | docs: Fix parameter and type names for doxygen | Nikias Bassen | 1 | -8/+11
2022-02-07 | cython: Fix for LibTool compilation and Python 3 libintl | Rick Mark | 1 | -1/+1
    On Python 3.9 `libpython` no longer is linkable as a static library due to the fact that `libpython` now depends on `libintl`. This would mean we would have to import `libintl` to create a fully linked .la. It is better to be explicit that we are building a .so (really a .dylib but autotools uses linux file conventions) that doesn't have to be fully resolved.
2022-02-07 | test: Polish json3.test to not leave temp file after test | Nikias Bassen | 1 | -3/+5
2022-02-07 | Update .gitignore | Nikias Bassen | 1 | -0/+3
2022-02-07 | test: Add int64 min/max testcase for JSON parser | Nikias Bassen | 3 | -2/+24
2022-02-07 | xplist: Prevent undefined behavior by not trying to negate INT64_MIN | Nikias Bassen | 1 | -1/+1
2022-02-07 | jplist: Prevent integer overflow when parsing numerical values | Nikias Bassen | 1 | -6/+29
    Credit to OSS-Fuzz
2022-02-05 | configure: Generate usable version via git-version-gen when ran in shallow clone | Nikias Bassen | 1 | -1/+5
2022-02-03 | jplist: Fix OOB read by making sure number of children is even | Nikias Bassen | 2 | -2/+7
    Credit to OSS-Fuzz
2022-02-02 | configure: Prevent wrong version string generation (e.g. when doing a shallow checkout from git) | Nikias Bassen | 1 | -1/+1
2022-02-02 | jplist: Fix memory leak on parse error | Nikias Bassen | 2 | -0/+3
    Credit to OSS-Fuzz
2022-02-02 | jplist: Improve numerical value parsing without copying data to stack buffer | Nikias Bassen | 1 | -18/+62
    Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes.
2022-01-31 | jplist: Fix memory leak that occurs when JSON parsing fails | Nikias Bassen | 2 | -0/+2
    Credit to OSS-Fuzz
2022-01-31 | plistutil: Make sure the input buffer is 0-terminated in all code paths | Nikias Bassen | 1 | -0/+1
2022-01-31 | test: Update JSON test case to have negative numbers | Nikias Bassen | 1 | -1/+1
2022-01-31 | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 1 | -2/+8
    In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz
2022-01-31 | fuzz: Add another JSON test case from OSS-Fuzz | Nikias Bassen | 1 | -0/+1
2022-01-31 | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 1 | -31/+48
    Credit to OSS-Fuzz
2022-01-28 | fuzz: Add JSON crash/leak test cases from OSS-Fuzz | Nikias Bassen | 3 | -0/+3
2022-01-28 | jplist: Fix a few memory leaks that occur when parsing fails | Nikias Bassen | 1 | -0/+5
    Credit to OSS-Fuzz
2022-01-28 | jplist: Fix NULL pointer dereference by handling errors from unescape_string correctly | Nikias Bassen | 1 | -0/+6
    Credit to OSS-Fuzz
2022-01-28 | jplist: Fix use-after-free in unescape_string | Nikias Bassen | 1 | -2/+2
    Credit to OSS-Fuzz
2022-01-26 | [github-actions] Also checkout all tags for codeql | Nikias Bassen | 1 | -1/+1
2022-01-26 | [github-actions] Make sure to fetch all tags on checkout | Nikias Bassen | 1 | -0/+6
2022-01-25 | jplist: Make sure the jsmn parser tokens are initialized properly | Nikias Bassen | 1 | -3/+6
2022-01-25 | test: Rename json test files to .json | Nikias Bassen | 5 | -3/+4
2022-01-25 | configure: Fix clang detection when configuring --with-fuzzers | Nikias Bassen | 1 | -2/+7
2022-01-25 | fuzz: Add fuzzer for JSON format | Nikias Bassen | 6 | -4/+110
2022-01-25 | autoconf: Automatically derive version number from latest git tag | Nikias Bassen | 3 | -2/+26