From 088cdab964e6cd88b7f15f36eb3e08d38189cd21 Mon Sep 17 00:00:00 2001
From: Nikias Bassen
Date: Fri, 28 Jan 2022 22:11:00 +0100
Subject: jplist: Fix NULL pointer dereference by handling errors from unescape_string correctly

Credit to OSS-Fuzz
---
 src/jplist.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/jplist.c b/src/jplist.c
index ace4bff..c149d20 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -549,6 +549,9 @@ static plist_t parse_string(const char* js, jsmntok_t* tokens, int* index)
 size_t str_len = 0; ;
 char* strval = unescape_string(js + tokens[*index].start, tokens[*index].end - tokens[*index].start, &str_len);
+ if (!strval) {
+ return NULL;
+ }
 plist_t node;
 plist_data_t data = plist_new_plist_data();
@@ -612,6 +615,9 @@ static plist_t parse_object(const char* js, jsmntok_t* tokens, int* index)
 for (num = 0; num < num_tokens; num++) {
 if (tokens[j].type == JSMN_STRING) {
 char* key = unescape_string(js + tokens[j].start, tokens[j].end - tokens[j].start, NULL);
+ if (!key) {
+ return NULL;
+ }
 plist_t val = NULL;
 j++;
 num++;
-- 
cgit v1.1-32-gdbae
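Review bot: The new `if (!strval) { return NULL; }` in parse_string carries no comment explaining why an early return is safe at this point, and the reason is not obvious to a reader who does not know unescape_string's failure mode; I would add `/* unescape_string() returns NULL on a bad input string (see commit message); nothing has been allocated yet, so propagate the failure as-is */` above the check. The ordering is correct as written, since `plist_new_plist_data()` only runs after the guard, so no plist_data_t is leaked on this path. The `size_t str_len = 0; ;` context line just above appears to carry a stray semicolon, though that may be an artifact of how this patch was rendered rather than of the source. Whether the callers of parse_string already treat a NULL return as an error cannot be seen from this hunk, and parse_string's body continues past it.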
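Review bot: The added `return NULL` inside parse_object's loop abandons whatever the function has accumulated so far; if, as the loop shape suggests, a dict node created before the loop (outside this hunk) is being filled in one `plist_t val` at a time, every key/value already inserted is leaked whenever a later key fails to unescape. The bail-out should release that container first, e.g. `if (!key) { plist_free(obj); return NULL; }` with `obj` standing for whatever name the enclosing function gives its result, so that this path cleans up the same way the function's other error returns presumably do. Since `key` is NULL here there is nothing else to free on this path. parse_object starts before the hunk and its existing cleanup paths are not visible, so confirm the variable name and the surrounding error handling against the full function.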