Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2022-11-02 | [github-actions] CodeQL: No need for scheduled run since it runs on every push | Nikias Bassen | 1 | -2/+0 | |
2022-11-02 | jplist: Prevent multiplication overflow by casting to larger type | Nikias Bassen | 1 | -2/+2 | |
Found by CodeQL | |||||
2022-09-05 | cython: Fix 2 warnings with `-Wbad-function-cast` | Nikias Bassen | 1 | -2/+4 | |
2022-09-05 | jplist: Fix warning with `-Wbad-function-cast` | Nikias Bassen | 1 | -2/+2 | |
2022-09-05 | Fix up warning with `-Wbad-function-cast` | Dave MacLachlan | 1 | -1/+4 | |
2022-09-05 | Get rid of casting a ptr to a 32 bit value | Dave MacLachlan | 1 | -2/+2 | |
This causes a warning if `-Wbad-function-cast` is enabled on a build. | |||||
2022-09-05 | [github-actions] Update CodeQL to v2 | Nikias Bassen | 1 | -3/+3 | |
2022-09-05 | Allow using libplist as a submodule | Nikias Bassen | 1 | -1/+1 | |
2022-08-24 | bplist: Fix strict aliasing violations | Matthew Smith | 1 | -3/+9 | |
Casting a float pointer to an int pointer is a strict aliasing violation (-Wstrict-aliasing) and is undefined behaviour (although, it did not seem to cause any real issues). An optimising compiler should elide the memcopies added by this commit. | |||||
2022-08-24 | [github-actions] Add a scheduled build every 1st of the month so we always ↵ | Nikias Bassen | 1 | -1/+4 | |
have an artifact | |||||
2022-04-06 | jplist: Escape characters [0x00..0x1F] when converting to JSON | Nikias Bassen | 1 | -5/+12 | |
2022-04-06 | Skip whitespace to properly detect format in plist_from_memory() | Nikias Bassen | 1 | -3/+8 | |
2022-02-15 | jplist: Fix another OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1 | |
Credit to OSS-Fuzz | |||||
2022-02-14 | [github-actions] Use windows-2019 instead of windows-latest for now | Nikias Bassen | 1 | -1/+1 | |
Built is failing because of some python mess | |||||
2022-02-11 | jplist: Fix OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1 | |
Credit to OSS-Fuzz | |||||
2022-02-10 | [github-actions] Windows: Prevent -dirty suffix in version string by ↵ | Nikias Bassen | 2 | -0/+2 | |
disabling CRLF conversion | |||||
2022-02-08 | jplist: Prevent read of uninitialized value by checking the bounds beforehand | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-02-07 | cython: Fix Windows build | Nikias Bassen | 1 | -0/+4 | |
2022-02-07 | docs: Fix parameter and type names for doxygen | Nikias Bassen | 1 | -8/+11 | |
2022-02-07 | cython: Fix for LibTool compilation and Python 3 libintl | Rick Mark | 1 | -1/+1 | |
On Python 3.9 `libpython` no longer is linkable as a static library due to the fact that `libpython` now depends on `libintl`. This would mean we would have to import `libintl` to create a fully linked .la It is better to be explicit that we are building a .so (really a .dylib but autotools uses linux file conventions) that doesn't have to be fully resolved. | |||||
2022-02-07 | test: Polish json3.test to not leave temp file after test | Nikias Bassen | 1 | -3/+5 | |
2022-02-07 | Update .gitignore | Nikias Bassen | 1 | -0/+3 | |
2022-02-07 | test: Add int64 min/max testcase for JSON parser | Nikias Bassen | 3 | -2/+24 | |
2022-02-07 | xplist: Prevent undefined behavior by not trying to negate INT64_MIN | Nikias Bassen | 1 | -1/+1 | |
2022-02-07 | jplist: Prevent integer overflow when parsing numerical values | Nikias Bassen | 1 | -6/+29 | |
Credit to OSS-Fuzz | |||||
2022-02-05 | configure: Generate usable version via git-version-gen when ran in shallow clone | Nikias Bassen | 1 | -1/+5 | |
2022-02-03 | jplist: Fix OOB read by making sure number of children is even | Nikias Bassen | 2 | -2/+7 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | configure: Prevent wrong version string generation (e.g. when doing a ↵ | Nikias Bassen | 1 | -1/+1 | |
shallow checkout from git) | |||||
2022-02-02 | jplist: Fix memory leak on parse error | Nikias Bassen | 2 | -0/+3 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | jplist: Improve numerical value parsing without copying data to stack buffer | Nikias Bassen | 1 | -18/+62 | |
Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes. | |||||
2022-01-31 | jplist: Fix memory leak that occurs when JSON parsing fails | Nikias Bassen | 2 | -0/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-31 | plistutil: Make sure the input buffer is 0-terminated in all code paths | Nikias Bassen | 1 | -0/+1 | |
2022-01-31 | test: Update JSON test case to have negative numbers | Nikias Bassen | 1 | -1/+1 | |
2022-01-31 | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 1 | -2/+8 | |
In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz | |||||
2022-01-31 | fuzz: Add another JSON test case from OSS-Fuzz | Nikias Bassen | 1 | -0/+1 | |
2022-01-31 | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 1 | -31/+48 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | fuzz: Add JSON crash/leak test cases from OSS-Fuzz | Nikias Bassen | 3 | -0/+3 | |
2022-01-28 | jplist: Fix a few memory leaks that occur when parsing fails | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix NULL pointer dereference by handling errors from unescape_string ↵ | Nikias Bassen | 1 | -0/+6 | |
correctly Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix use-after-free in unescape_string | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-26 | [github-actions] Also checkout all tags for codeql | Nikias Bassen | 1 | -1/+1 | |
2022-01-26 | [github-actions] Make sure to fetch all tags on checkout | Nikias Bassen | 1 | -0/+6 | |
2022-01-25 | jplist: Make sure the jsmn parser tokens are initialized properly | Nikias Bassen | 1 | -3/+6 | |
2022-01-25 | test: Rename json test files to .json | Nikias Bassen | 5 | -3/+4 | |
2022-01-25 | configure: Fix clang detection when configuring --with-fuzzers | Nikias Bassen | 1 | -2/+7 | |
2022-01-25 | fuzz: Add fuzzer for JSON format | Nikias Bassen | 6 | -4/+110 | |
2022-01-25 | autoconf: Automatically derive version number from latest git tag | Nikias Bassen | 3 | -2/+26 | |
2022-01-25 | test: Add additional JSON test case | Nikias Bassen | 4 | -7/+28 | |
2022-01-25 | jplist: Make sure key values are also unescaped | Nikias Bassen | 1 | -12/+19 | |
2021-12-24 | json: Update parser (jsmn) to verify the length of the input data | Nikias Bassen | 3 | -7/+17 | |
This way the string doesn't have to be 0-terminated. |