Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2023-02-07 | Fix build without --enable-debug | Nikias Bassen | 1 | -0/+2 | |
2023-02-07 | Add function to interface to allow enabling/disabling error/debug output for ↵ | Nikias Bassen | 1 | -0/+5 | |
the format parses This makes the `-d` option work in plistutil that wasn't doing anything | |||||
2023-02-06 | libcnary: Updated typedefs of node_t and node_list_t to contain pointer | Nikias Bassen | 1 | -6/+5 | |
This makes the code more readable. Obviously all the code that uses it is also updated. | |||||
2023-01-31 | jplist: Fix handling of PLIST_NULL type when converting to JSON | Nikias Bassen | 1 | -0/+3 | |
2023-01-19 | jplist: Add missing newline to debug message | Nikias Bassen | 1 | -1/+1 | |
2023-01-16 | Rename PLIST_UINT to PLIST_INT and add plist_new_int() and plist_get_int_val() | Nikias Bassen | 1 | -4/+8 | |
This properly supports getting and setting signed or unsigned integer values. Also, a new helper function plist_int_val_is_negative() was added to determine if a given #PLIST_INT node has a negative value or not. The old type PLIST_UINT is defined as a macro with the value of PLIST_INT for backwards compatibility. This commit also adds int vs. uint support to the C++ interface, and the python bindings in a hopefully useful way. | |||||
2023-01-08 | JSON: Only allow to convert PLIST_DICT or PLIST_ARRAY node to JSON | Nikias Bassen | 1 | -0/+8 | |
2022-11-02 | jplist: Prevent multiplication overflow by casting to larger type | Nikias Bassen | 1 | -2/+2 | |
Found by CodeQL | |||||
2022-09-05 | jplist: Fix warning with `-Wbad-function-cast` | Nikias Bassen | 1 | -2/+2 | |
2022-04-06 | jplist: Escape characters [0x00..0x1F] when converting to JSON | Nikias Bassen | 1 | -5/+12 | |
2022-02-15 | jplist: Fix another OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1 | |
Credit to OSS-Fuzz | |||||
2022-02-11 | jplist: Fix OOB read by using correct bounds check | Nikias Bassen | 1 | -1/+1 | |
Credit to OSS-Fuzz | |||||
2022-02-08 | jplist: Prevent read of uninitialized value by checking the bounds beforehand | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-02-07 | jplist: Prevent integer overflow when parsing numerical values | Nikias Bassen | 1 | -6/+29 | |
Credit to OSS-Fuzz | |||||
2022-02-03 | jplist: Fix OOB read by making sure number of children is even | Nikias Bassen | 1 | -2/+6 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | jplist: Fix memory leak on parse error | Nikias Bassen | 1 | -0/+2 | |
Credit to OSS-Fuzz | |||||
2022-02-02 | jplist: Improve numerical value parsing without copying data to stack buffer | Nikias Bassen | 1 | -18/+62 | |
Instead of calling strtoll() and atof(), the code now parses the numerical values directly to handle cases of non-0-terminated string data. The floating point value parsing is probably not ideal, but sufficient for our purposes. | |||||
2022-01-31 | jplist: Fix memory leak that occurs when JSON parsing fails | Nikias Bassen | 1 | -0/+1 | |
Credit to OSS-Fuzz | |||||
2022-01-31 | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 1 | -2/+8 | |
In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz | |||||
2022-01-31 | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 1 | -31/+48 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix a few memory leaks that occur when parsing fails | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix NULL pointer dereference by handling errors from unescape_string ↵ | Nikias Bassen | 1 | -0/+6 | |
correctly Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix use-after-free in unescape_string | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-25 | jplist: Make sure the jsmn parser tokens are initialized properly | Nikias Bassen | 1 | -3/+6 | |
2022-01-25 | jplist: Make sure key values are also unescaped | Nikias Bassen | 1 | -12/+19 | |
2021-12-24 | json: Update parser (jsmn) to verify the length of the input data | Nikias Bassen | 1 | -1/+1 | |
This way the string doesn't have to be 0-terminated. | |||||
2021-12-23 | jplist: Make strndup argument const to silence compiler warning | Nikias Bassen | 1 | -1/+1 | |
2021-12-23 | jplist: Fix build on Windows | Nikias Bassen | 1 | -0/+12 | |
2021-12-23 | Add support for JSON format | Nikias Bassen | 1 | -0/+695 | |