mirror of
https://github.com/DaveGamble/cJSON
synced 2025-01-03 04:42:27 +00:00
87d8f0961a
update version to 1.7.17
24 KiB
24 KiB
1.7.17 (Dec 26, 2023)
Fixes:
- Fix null reference in cJSON_SetValuestring(CVE-2023-50472), see #809
- Fix null reference in cJSON_InsertItemInArray(CVE-2023-50471), see #809 and #810
1.7.16 (Jul 5, 2023)
Features:
- Add an option for ENABLE_CJSON_VERSION_SO in CMakeLists.txt, see #534
- Add cmake_policy to CMakeLists.txt, see #163
- Add cJSON_SetBoolValue, see #639
- Add meson documentation, see #761
Fixes:
- Fix memory leak in merge_patch, see #611
- Fix conflicting target names 'uninstall', see #617
- Bump cmake version to 3.0 and use new version syntax, see #587
- Print int without decimal places, see #630
- Fix 'cjson_utils-static' target not exist, see #625
- Add allocate check for replace_item_in_object, see #675
- Fix a null pointer crash in cJSON_ReplaceItemViaPointer, see #726
1.7.15 (Aug 25, 2021)
Fixes:
- Fix potential core dumped for strrchr, see #546
- Fix null pointer crash in cJSON_CreateXxArray, see #538
- Fix several null pointer problems on allocation failure, see #526
- Fix a possible dereference of null pointer, see #519
- Fix windows build failure about defining nan, see #518
1.7.14 (Sep 3, 2020)
Fixes:
- optimize the way to find tail node, see #503
- Fix WError error on macosx because NAN is a float. Thanks @sappo, see #484
- Fix some bugs in detach and replace. Thanks @miaoerduo, see #456
1.7.13 (Apr 2, 2020)
Features:
- add new API of cJSON_ParseWithLength without breaking changes. Thanks @caglarivriz, see #358
- add new API of cJSON_GetNumberValue. Thanks @Intuition, see#385
- add uninstall target function for CMake. See #402
- Improve performance of adding item to array. Thanks @xiaomianhehe, see #430, #448
- add new API of cJSON_SetValuestring, for changing the valuestring safely. See #451
- add return value for cJSON_AddItemTo... and cJSON_ReplaceItem... (check if the operation successful). See #453
Fixes:
- Fix clang -Wfloat-equal warning. Thanks @paulmalovanyi, see #368
- Fix make failed in mac os. See #405
- Fix memory leak in cJSONUtils_FindPointerFromObjectTo. Thanks @andywolk for reporting, see #414
- Fix bug in encode_string_as_pointer. Thanks @AIChangJiang for reporting, see #439
1.7.12 (May 17, 2019)
Fixes:
- Fix infinite loop in
cJSON_Minify
(potential Denial of Service). Thanks @Alanscut for reporting, see #354 - Fix link error for Visual Studio. Thanks @tan-wei, see #352.
- Undefine
true
andfalse
forcJSON_Utils
before redefining them. Thanks @raiden00pl, see #347.
1.7.11 (Apr 15, 2019)
Fixes:
- Fix a bug where cJSON_Minify could overflow it's buffer, both reading and writing. This is a security issue, see #338. Big thanks @bigric3 for reporting.
- Unset
true
andfalse
macros before setting them if they exist. See #339, thanks @raiden00pl for reporting
1.7.10 (Dec 21, 2018)
Fixes:
- Fix package config file for
libcjson
. Thanks @shiluotang for reporting #321 - Correctly split lists in
cJSON_Utils
's merge sort. Thanks @andysCaplin for the fix #322
1.7.9 (Dec 16, 2018)
Fixes:
- Fix a bug where
cJSON_GetObjectItemCaseSensitive
would pass a nullpointer tostrcmp
when called on an array, see #315. Thanks @yuweol for reporting. - Fix error in
cJSON_Utils
where the case sensitivity was not respected, see #317. Thanks @yuta-oxo for fixing. - Fix some warnings detected by the Visual Studio Static Analyzer, see #307. Thanks @bnason-nf
1.7.8 (Sep 22, 2018)
Fixes:
- cJSON now works with the
__stdcall
calling convention on Windows, see #295, thanks @zhindes for contributing
1.7.7 (May 22, 2018)
Fixes:
- Fix a memory leak when realloc fails, see #267, thanks @AlfieDeng for reporting
- Fix a typo in the header file, see #266, thanks @zhaozhixu
1.7.6 (Apr 13, 2018)
Fixes:
- Add
SONAME
to the ELF files built by the Makefile, see #252, thanks @YanhaoMo for reporting - Add include guards and
extern "C"
tocJSON_Utils.h
, see #256, thanks @daschfg for reporting
Other changes:
- Mark the Makefile as deprecated in the README.
1.7.5 (Mar 23, 2018)
Fixes:
- Fix a bug in the JSON Patch implementation of
cJSON Utils
, see #251, thanks @bobkocisko.
1.7.4 (Mar 3, 2018)
Fixes:
- Fix potential use after free if the
string
parameter tocJSON_AddItemToObject
is an alias of thestring
property of the object that is added,see #248. Thanks @hhallen for reporting.
1.7.3 (Feb 8, 2018)
Fixes:
- Fix potential double free, thanks @projectgus for reporting #241
1.7.2 (Feb 6, 2018)
Fixes:
- Fix the use of GNUInstallDirs variables and the pkgconfig file. Thanks @zeerd for reporting #240
1.7.1 (Jan 10, 2018)
Fixes:
- Fixed an Off-By-One error that could lead to an out of bounds write. Thanks @liuyunbin for reporting #230
- Fixed two errors with buffered printing. Thanks @liuyunbin for reporting #230
1.7.0 (Dec 31, 2017)
Features:
- Large rewrite of the documentation, see #215
- Added the
cJSON_GetStringValue
function - Added the
cJSON_CreateStringReference
function - Added the
cJSON_CreateArrayReference
function - Added the
cJSON_CreateObjectReference
function - The
cJSON_Add...ToObject
macros are now functions that return a pointer to the added item, see #226
Fixes:
- Fix a problem with
GNUInstallDirs
in the CMakeLists.txt, thanks @yangfl, see #210 - Fix linking the tests when building as static library, see #213
- New overrides for the CMake option
BUILD_SHARED_LIBS
, see #207
Other Changes:
- Readme: Explain how to include cJSON, see #211
- Removed some trailing spaces in the code, thanks @yangfl, see #212
- Updated Unity and json-patch-tests
1.6.0 (Oct 9, 2017)
Features:
- You can now build cJSON as both shared and static library at once with CMake using
-DBUILD_SHARED_AND_STATIC_LIBS=On
, see #178 - UTF-8 byte order marks are now ignored, see #184
- Locales can now be disabled with the option
-DENABLE_LOCALES=Off
, see #202, thanks @Casperinous - Better support for MSVC and Visual Studio
Other Changes:
- Add the new warnings
-Wswitch-enum
,-Wused-but-makred-unused
,-Wmissing-variable-declarations
,-Wunused-macro
- More number printing tests.
- Continuous integration testing with AppVeyor (semi automatic at this point), thanks @simon-p-r
1.5.9 (Sep 8, 2017)
Fixes:
- Set the global error pointer even if
return_parse_end
is passed tocJSON_ParseWithOpts
, see #200, thanks @rmallins
1.5.8 (Aug 21, 2017)
Fixes:
- Fix
make test
in the Makefile, thanks @YanhaoMo for reporting this #195
1.5.7 (Jul 13, 2017)
Fixes:
- Fix a bug where realloc failing would return a pointer to an invalid memory address. This is a security issue as it could potentially be used by an attacker to write to arbitrary memory addresses, see #189, fixed in 954d61e, big thanks @timothyjohncarney for reporting this issue
- Fix a spelling mistake in the AFL fuzzer dictionary, see #185, thanks @jwilk
1.5.6 (Jun 28, 2017)
Fixes:
- Make cJSON a lot more tolerant about passing NULL pointers to its functions, it should now fail safely instead of dereferencing the pointer, see #183. Thanks @msichal for reporting #182
1.5.5 (Jun 15, 2017)
Fixes:
- Fix pointers to nested arrays in cJSON_Utils, see 9abe
- Fix an error with case sensitivity handling in cJSON_Utils, see b9cc911
- Fix cJSON_Compare for arrays that are prefixes of the other and objects that are a subset of the other, see 03ba72f and #180, thanks @zhengqb for reporting
1.5.4 (Jun 5, 2017)
Fixes:
- Fix build with GCC 7.1.1 and optimization level
-O2
, see bfbd8fe
Other Changes:
- Update Unity to 3b69beaa58efc41bbbef70a32a46893cae02719d
1.5.3 (May 23, 2017)
Fixes:
- Fix
cJSON_ReplaceItemInObject
not keeping the name of an item, see #174
1.5.2 (May 10, 2017)
Fixes:
- Fix a reading buffer overflow in
parse_string
, see a167d9e - Fix compiling with -Wcomma, see 186cce3
- Remove leftover attribute from tests, see b537ca7
1.5.1 (May 6, 2017)
Fixes:
- Add gcc version guard to the Makefile, see #164, thanks @juvasquezg
- Fix incorrect free in
cJSON_Utils
if custom memory allocator is used, see #166, thanks @prefetchnta
1.5.0 (May 2, 2017)
Features:
- cJSON finally prints numbers without losing precision, see #153, thanks @DeboraG
cJSON_Compare
recursively checks if two cJSON items contain the same values, see #148- Provide case sensitive versions of every function where it matters, see #158 and #159
- Added
cJSON_ReplaceItemViaPointer
andcJSON_DetachItemViaPointer
- Added
cJSON_free
andcJSON_malloc
that expose the internal configured memory allocators. see 02a05ee
Enhancements:
- Parse into a buffer, this will allow parsing
\u0000
in the future (not quite yet though) - General simplifications and readability improvements
- More unit tests
- Update unity testing library to 2.4.1
- Add the json-patch-tests test suite to test cJSON_Utils.
- Move all tests from
test_utils.c
to unit tests with unity.
Fixes:
- Fix some warnings with the Microsoft compiler, see #139, thanks @PawelWMS
- Fix several bugs in cJSON_Utils, mostly found with json-patch-tests
- Prevent a stack overflow by specifying a maximum nesting depth
CJSON_NESTING_LIMIT
Other Changes:
- Move generated files in the
library_config
subdirectory.
1.4.7 (Apr 19, 2017)
Fixes:
- Fix
cJSONUtils_ApplyPatches
, it was completely broken and apparently nobody noticed (or at least reported it), see 075a06f - Fix inconsistent prototype for
cJSON_GetObjectItemCaseSensitive
, see 51d3df6, thanks @PawelWMS
1.4.6 (Apr 9, 2017)
Fixes:
- Several corrections in the README
- Making clear that
valueint
should not be written to - Fix overflow detection in
ensure
, see 2683d4d - Fix a potential null pointer dereference in cJSON_Utils, see 795c3ac
- Replace incorrect
sizeof('\0')
withsizeof("")
, see 84237ff - Add caveats section to the README, see 50b3c30
- Make cJSON locale independent, see #146, Thanks @peterh for reporting
- Fix compiling without CMake with MSVC, see #147, Thanks @dertuxmalwieder for reporting
1.4.5 (Mar 28, 2017)
Fixes:
- Fix bug in
cJSON_SetNumberHelper
, thanks @mmkeeper, see #138 and ef34500 - Workaround for internal compiler error in GCC 5.4.0 and 6.3.1 on x86 (
2f65e80a34
GCC bugreport)
1.4.4 (Mar 24, 2017)
Fixes:
- Fix a theoretical integer overflow, (not sure if it is possible on actual hardware), see e58f7ec
- Fix an off by one error, see cc84a44, thanks @gatzka
- Double check the offset of the print buffer in
ensure
, see 1934059
Improvements:
- Add a note in the header about required buffer size when using
cJSON_PrintPreallocated
, see 4bfb8800
1.4.3 (Mar 19, 2017)
Fixes:
- Fix compilation of the tests on 32 bit PowerPC and potentially other systems, see 4ec6e76
- Fix compilation with old GCC compilers (4.3+ were tested), see 227d33, 466eb8e, see also #126
1.4.2 (Mar 16, 2017)
Fixes:
- Fix minimum required cmake version, see 30e1e7a
- Fix detection of supported compiler flags, see 76e5296
- Run
cJSON_test
andcJSON_test_utils
along with unity tests, see c597601
1.4.1 (Mar 16, 2017)
Fixes:
- Make
print_number
abort with a failure in out of memory situations, see cf1842
1.4.0 (Mar 4, 2017)
Features
- Functions to check the type of an item, see #120
- Use dllexport on windows and fvisibility on Unix systems for public functions, see #116, thanks @mjerris
- Remove trailing zeroes from printed numbers, see #123
- Expose the internal boolean type
cJSON_bool
in the header, see 2d3520e
Fixes
- Fix handling of NULL pointers in
cJSON_ArrayForEach
, see b47d0e3 - Make it compile with GCC 7 (fix -Wimplicit-fallthrough warning), see 9d07917
Other Improvements
- internally use realloc if available (#110)
- builtin support for fuzzing with afl (#111)
- unit tests for the print functions (#112)
- Always use buffered printing (#113)
- simplify the print functions (#114)
- Add the compiler flags
-Wdouble-conversion
,-Wparentheses
and-Wcomma
(#122)
1.3.2 (Mar 1, 2017)
Fixes:
- Don't build the unity library if testing is disabled, see #121. Thanks @ffontaine
1.3.1 (Feb 27, 2017)
Fixes:
- Bugfix release that fixes an out of bounds read, see #118. This shouldn't have any security implications.
1.3.0 (Feb 17, 2017)
This release includes a lot of rework in the parser and includes the Cunity unit testing framework, as well as some fixes. I increased the minor version number because there were quite a lot of internal changes.
Features:
- New type for cJSON structs:
cJSON_Invalid
, see #108
Fixes:
- runtime checks for a lot of potential integer overflows
- fix incorrect return in cJSON_PrintBuffered cf9d57d
- fix several potential issues found by Coverity
- fix potentially undefined behavior when assigning big numbers to
valueint
(41e2837)- Numbers exceeding
INT_MAX
or lower thanINT_MIN
will be explicitly assigned tovalueint
asINT_MAX
andINT_MIN
respectively (saturation on overflow). - fix the
cJSON_SetNumberValue
macro (87f7727), this slightly changes the behavior, see commit message
- Numbers exceeding
Introduce unit tests
- Started writing unit tests with the Cunity testing framework. Currently this covers the parser functions.
Also:
- Support for running the tests with Valgrind
- Support for compiling the tests with AddressSanitizer and UndefinedBehaviorSanitizer.
travis.yml
file for running unit tests on travis. (not enabled for the repository yet though #102
Simplifications
After having unit tests for the parser function in place, I started refactoring the parser functions (as well as others) and making them easier to read and maintain.
- Use
strtod
from the standard library for parsing numbers (0747669) - Use goto-fail in several parser functions (#100)
- Rewrite/restructure all of the parsing functions to be easier to understand and have less code paths doing the same as another. (#109)
- Simplify the buffer allocation strategy to always doubling the needed amount (9f6fa94)
- Combined
cJSON_AddItemToObject
andcJSON_AddItemToObjectCS
to one function (cf862d)
Other changes
- Prevent the usage of incompatible C and header versions via preprocessor directive (123bb1)
- Let CMake automatically detect compiler flags
- Add new compiler flags (
-Wundef
,-Wswitch-default
,-Wconversion
,-fstack-protector-strong
) (#98) - Change internal sizes from
int
tosize_t
(ecd5678) - Change internal strings from
char*
tounsigned char*
(28b9ba4) - Add
const
in more places
1.2.1 (Jan 31, 2017)
Fixes:
- Fixes a potential null pointer dereference in cJSON_Utils, discovered using clang's static analyzer by @bnason-nf, see #96
1.2.0 (Jan 9, 2017)
Features:
Fixes:
- Compiler warning if const is casted away, Thanks @gatzka, see #83
- Fix compile error with strict-overflow on PowerPC, see #85
- Fix typo in the README, thanks @MicroJoe, see #88
- Add compile flag for compatibility with C++ compilers
1.1.0 (Dec 6, 2016)
- Add a function
cJSON_PrintPreallocated
to print to a preallocated buffer, thanks @ChisholmKyle, see #72 - More compiler warnings when using Clang or GCC, thanks @gatzka, see #75, #78
- fixed a memory leak in
cJSON_Duplicate
, thanks @alperakcan, see #81 - fix the
ENABLE_CUSTOM_COMPILER_FLAGS
cmake option
1.0.2 (Nov 25, 2016)
- Rename internal boolean type, see #71.
1.0.1 (Nov 20, 2016)
Small bugfix release.
- Fixes a bug with the use of the cJSON structs type in cJSON_Utils, see d47339e
- improve code readability
- initialize all variables
1.0.0 (Nov 17, 2016)
This is the first official versioned release of cJSON. It provides an API version for the shared library and improved Makefile and CMake build files.