Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2022-01-31 | jplist: Fix OOB read in parse_primitive caused by missing 0-termination | Nikias Bassen | 1 | -2/+8 | |
In parse_primitive, integer and double values are parsed by using strtoll and atof, which both expect the string to be 0-terminated. While this is not a problem in well-formed JSON files, it can be if the JSON data is not, possibly leading to a crash due to OOB memory access. This commit fixes it by copying the value data in question to a stack buffer and 0-terminate it, and use that buffer instead. Credit to OSS-Fuzz | |||||
2022-01-31 | jplist: Fix OOB read by making sure the JSMN token index is in valid range | Nikias Bassen | 1 | -31/+48 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix a few memory leaks that occur when parsing fails | Nikias Bassen | 1 | -0/+5 | |
Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix NULL pointer dereference by handling errors from unescape_string ↵ | Nikias Bassen | 1 | -0/+6 | |
correctly Credit to OSS-Fuzz | |||||
2022-01-28 | jplist: Fix use-after-free in unescape_string | Nikias Bassen | 1 | -2/+2 | |
Credit to OSS-Fuzz | |||||
2022-01-25 | jplist: Make sure the jsmn parser tokens are initialized properly | Nikias Bassen | 1 | -3/+6 | |
2022-01-25 | jplist: Make sure key values are also unescaped | Nikias Bassen | 1 | -12/+19 | |
2021-12-24 | json: Update parser (jsmn) to verify the length of the input data | Nikias Bassen | 3 | -7/+17 | |
This way the string doesn't have to be 0-terminated. | |||||
2021-12-23 | jplist: Make strndup argument const to silence compiler warning | Nikias Bassen | 1 | -1/+1 | |
2021-12-23 | jplist: Fix build on Windows | Nikias Bassen | 1 | -0/+12 | |
2021-12-23 | Add support for JSON format | Nikias Bassen | 5 | -0/+1074 | |
2021-12-23 | xplist: Add special handling for PLIST_UID parsing from XML | Nikias Bassen | 1 | -5/+14 | |
In XML, PLIST_UID nodes are stored as a dict with a "CF$UID" key and an integer value, so we want to make it a real PLIST_UID node internally. | |||||
2021-12-22 | Add a return value to plist_to_* and plist_from_* functions | Nikias Bassen | 3 | -38/+101 | |
This way it can be easier determined why an import/export operation failed instead of just having a NULL result. | |||||
2021-12-19 | Add support for PLIST_NULL type | Nikias Bassen | 3 | -5/+40 | |
2021-12-19 | Add new plist_mem_free() function | Nikias Bassen | 3 | -10/+8 | |
Thanks to @azerg for bringing this to my attention. Instead of having multiple (internally identical) plist_*_free() functions, this commit introduces a single plist_mem_free() that can be used to free the memory allocated by plist_to_xml(), plist_to_bin(), plist_get_key_val(), plist_get_string_val(), and plist_get_data_val(). Note: This commit REMOVES plist_to_bin_free() and plist_to_xml_free(). | |||||
2021-11-08 | xplist: Better size estimation for PLIST_REAL nodes | Nikias Bassen | 1 | -2/+2 | |
2021-09-13 | Check availability of constructor attribute and use it on Windows in favor ↵ | Nikias Bassen | 1 | -16/+23 | |
of DllMain | |||||
2021-09-11 | windows: Make thread_once static and remove const qualifiers from ↵ | Nikias Bassen | 1 | -3/+3 | |
thread_once_t globals | |||||
2021-07-13 | cpp: Array: Make sure the array passed to array_fill ist passed by reference | liujianfengv | 1 | -1/+1 | |
When creating a new Array object, for example through PList::Node::FromPlist(plist_t node), the array_fill function is called from Array() constructor in line 51. It seems that the intended way of calling array_fill() is to pass the _array object by reference, however it is actually passed by value. Thus the changes to the array object made by array_fill() are discarded when the function returns. This commit passes the _array by reference so we keep the changes. | |||||
2021-06-22 | [clang-tidy] Remove casts to the same type | Rosen Penev | 2 | -2/+2 | |
Found with google-readability-casting Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] cpp: Replace free with delete | Rosen Penev | 5 | -19/+9 | |
It's the C++ way. It also avoids having to check for NULL. Found with cppcoreguidelines-owning-memory Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] Fix bad widening casts | Rosen Penev | 1 | -2/+2 | |
Found with bugprone-misplaced-widening-cast Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] cpp: Use correct type for loop variable | Rosen Penev | 1 | -4/+2 | |
Found with bugprone-too-small-loop-variable Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] cpp: Turn reference operators to const | Rosen Penev | 10 | -10/+10 | |
Found with cppcoreguidelines-c-copy-assignment-signature Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] Avoid global non-const variables | Rosen Penev | 2 | -4/+4 | |
Found with cppcoreguidelines-avoid-non-const-global-variables Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-06-22 | [clang-tidy] Remove pointless const | Rosen Penev | 2 | -2/+2 | |
The const is actually misplaced. const plist_t evaluates to void *const instead of const void *. const qualification of the former makes no sense in function declarations. Found with misc-misplaced-const Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2021-01-25 | Replace malloc + memset with calloc where appropriate | Rosen Penev | 1 | -2/+1 | |
calloc is faster for big allocations. It's also simpler. Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-11-24 | time64: Remove code duplication in separate if branches by combining the ↵ | Rosen Penev | 1 | -6/+1 | |
conditions [clang-tidy] Found with bugprone-branch-clone Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-11-24 | Add parentheses to macros for better readability | Rosen Penev | 2 | -15/+15 | |
[clang-tidy] Found with bugprone-macro-parentheses Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-11-24 | Improve code readability by using explicit != 0 compare when using strncmp | Rosen Penev | 1 | -4/+4 | |
[clang-tidy] Found with bugprone-suspicious-string-compare Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-11-24 | Improve code readability by not using else after return | Rosen Penev | 2 | -54/+50 | |
[clang-tidy] Found with readability-else-after-return Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-11-21 | bplist: Fix offset table range check, don't rely on pointer overflow | Nikias Bassen | 1 | -1/+1 | |
2020-06-14 | Add API version to library and pkgconfig file for proper linking | Nikias Bassen | 3 | -12/+12 | |
2020-06-09 | Unfold automake variables into multiple lines for maintainability | Martin Szulecki | 1 | -36/+47 | |
2020-06-09 | Fix pkg-config file liblist++-2.0.pc referencing wrong (old) libplist | Nikias Bassen | 1 | -1/+1 | |
2020-06-08 | Remove whitespace errors from all files | Martin Szulecki | 4 | -10/+10 | |
2020-06-08 | pkgconfig: Correctly rename libplist*.pc to libplist*-2.0.pc | Nikias Bassen | 3 | -1/+1 | |
2020-06-03 | c++: Switch to c++ headers | Rosen Penev | 12 | -13/+13 | |
[clang-tidy]Found with hicpp-deprecated-headers Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-06-03 | c++: Remove redundant initialization | Rosen Penev | 2 | -2/+2 | |
[clang-tidy] Found with readability-redundant-member-init Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-06-03 | c++: Add closing namespace comment | Rosen Penev | 12 | -12/+12 | |
[clang-tidy] Found with google-readability-namespace-comments Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-06-03 | Remove pointless return in void functions | Rosen Penev | 3 | -14/+0 | |
[clang-tidy] Found with readability-redundant-control-flow Signed-off-by: Rosen Penev <rosenp@gmail.com> | |||||
2020-05-26 | Make plist_bool_val_is_true() return 0 instead of -1 if node is NULL or not ↵ | Nikias Bassen | 1 | -1/+1 | |
a PLIST_BOOLEAN | |||||
2020-05-25 | Return NULL from plist_copy() if passed a NULL pointer | Xiao Deng | 1 | -1/+1 | |
This will prevent an assert if a NULL pointer is passed, and can make writing some code easier and cleaner without the need for a NULL check. For example, plist_copy(plist_dict_get_item(dict, "abc")) would give us a copy of the dict's node if the dict has a value for the given key, or NULL without any further checks. | |||||
2020-05-21 | Fix symbol mismatch between public header and interface (plist_bool_val_is_true) | Nikias Bassen | 1 | -1/+1 | |
2020-05-14 | time64: Silence compiler warnings about shadowed variable declarations | Nikias Bassen | 1 | -29/+29 | |
2020-05-14 | bplist: Prevent 32bit compiler warning | Nikias Bassen | 1 | -1/+3 | |
2020-05-11 | bplist: Remove unnecessary allocation and unused variables | Nikias Bassen | 1 | -10/+5 | |
2020-05-11 | Suppress compiler warning about memmem on Linux | Nikias Bassen | 1 | -0/+1 | |
2020-05-11 | Add plist_*_val_compare, plist_*_val_contains, etc. for the respective node ↵ | Nikias Bassen | 1 | -0/+231 | |
types ... except container node types like PLIST_ARRAY or PLIST_DICT. | |||||
2020-04-21 | time64/ctime64_r: localtime64_r can fail | Derrick Lyndon Pallas | 1 | -1/+3 | |
In ctime64_r, the call to localtime64_r can fail. If we don't check for this and then call asctime64_r, the results are garbage. Signed-off-by: Derrick Lyndon Pallas <derrick@pallas.us> |