Skip to content

T
Third Party CJSON

OpenHarmony / Third Party CJSON
大约 1 年 前同步成功

通知 6
Star 22
Fork 0
T
Third Party CJSON

体验新版 GitCode,发现更多精彩内容 >>

未验证 提交 a3154a36 编写于 作者: A Alanscut 提交者: GitHub
浏览文件
操作

Merge pull request #388 from singku/secure_c 

Replace strcpy with strncpy, sprintf with snprintf
上级 189b51c5 16f56300
隐藏空白更改
内联 并排
Showing with 25 addition and 18 deletion
cJSON.c
浏览文件 @ a3154a36
...@@ -95,7 +95,7 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item) { ...@@ -95,7 +95,7 @@ CJSON_PUBLIC(char *) cJSON_GetStringValue(cJSON *item) {
CJSON_PUBLIC(const char*) cJSON_Version(void) CJSON_PUBLIC(const char*) cJSON_Version(void)
{ {
static char version[15]; static char version[15];
sprintf(version, "%i.%i.%i", CJSON_VERSION_MAJOR, CJSON_VERSION_MINOR, CJSON_VERSION_PATCH); snprintf(version, sizeof(version), "%i.%i.%i", CJSON_VERSION_MAJOR, CJSON_VERSION_MINOR, CJSON_VERSION_PATCH);
return version; return version;
} }
...@@ -499,22 +499,22 @@ static cJSON_bool print_number(const cJSON * const item, printbuffer * const out ...@@ -499,22 +499,22 @@ static cJSON_bool print_number(const cJSON * const item, printbuffer * const out
/* This checks for NaN and Infinity */ /* This checks for NaN and Infinity */
if ((d * 0) != 0) if ((d * 0) != 0)
{ {
length = sprintf((char*)number_buffer, "null"); length = snprintf((char*)number_buffer, sizeof(number_buffer), "null");
} }
else else
{ {
/* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */ /* Try 15 decimal places of precision to avoid nonsignificant nonzero digits */
length = sprintf((char*)number_buffer, "%1.15g", d); length = snprintf((char*)number_buffer, sizeof(number_buffer), "%1.15g", d);
/* Check whether the original double can be recovered */ /* Check whether the original double can be recovered */
if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || ((double)test != d)) if ((sscanf((char*)number_buffer, "%lg", &test) != 1) || ((double)test != d))
{ {
/* If not, print with 17 decimal places of precision */ /* If not, print with 17 decimal places of precision */
length = sprintf((char*)number_buffer, "%1.17g", d); length = snprintf((char*)number_buffer, sizeof(number_buffer), "%1.17g", d);
} }
} }
/* sprintf failed or buffer overrun occurred */ /* snprintf failed or buffer overrun occurred */
if ((length < 0) || (length > (int)(sizeof(number_buffer) - 1))) if ((length < 0) || (length > (int)(sizeof(number_buffer) - 1)))
{ {
return false; return false;
...@@ -848,15 +848,16 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe ...@@ -848,15 +848,16 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe
return false; return false;
} }
const char quotes[] = "\"\"";
/* empty string */ /* empty string */
if (input == NULL) if (input == NULL)
{ {
output = ensure(output_buffer, sizeof("\"\"")); output = ensure(output_buffer, sizeof(quotes));
if (output == NULL) if (output == NULL)
{ {
return false; return false;
} }
strcpy((char*)output, "\"\""); strncpy((char*)output, quotes, output_buffer->length - output_buffer->offset);
return true; return true;
} }
...@@ -887,7 +888,7 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe ...@@ -887,7 +888,7 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe
} }
output_length = (size_t)(input_pointer - input) + escape_characters; output_length = (size_t)(input_pointer - input) + escape_characters;
output = ensure(output_buffer, output_length + sizeof("\"\"")); output = ensure(output_buffer, output_length + sizeof(quotes));
if (output == NULL) if (output == NULL)
{ {
return false; return false;
...@@ -943,7 +944,7 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe ...@@ -943,7 +944,7 @@ static cJSON_bool print_string_ptr(const unsigned char * const input, printbuffe
break; break;
default: default:
/* escape and print as unicode codepoint */ /* escape and print as unicode codepoint */
sprintf((char*)output_pointer, "u%04x", *input_pointer); snprintf((char*)output_pointer, output_buffer->length - (output_pointer - output_buffer->buffer), "u%04x", *input_pointer);
output_pointer += 4; output_pointer += 4;
break; break;
} }
...@@ -1286,32 +1287,38 @@ static cJSON_bool print_value(const cJSON * const item, printbuffer * const outp ...@@ -1286,32 +1287,38 @@ static cJSON_bool print_value(const cJSON * const item, printbuffer * const outp
switch ((item->type) & 0xFF) switch ((item->type) & 0xFF)
{ {
case cJSON_NULL: case cJSON_NULL:
output = ensure(output_buffer, 5); {
const char buff[] = "null";
output = ensure(output_buffer, sizeof(buff));
if (output == NULL) if (output == NULL)
{ {
return false; return false;
} }
strcpy((char*)output, "null"); strncpy((char*)output, buff, output_buffer->length - output_buffer->offset);
return true; return true;
}
case cJSON_False: case cJSON_False:
output = ensure(output_buffer, 6); {
const char buff[] = "false";
output = ensure(output_buffer, sizeof(buff));
if (output == NULL) if (output == NULL)
{ {
return false; return false;
} }
strcpy((char*)output, "false"); strncpy((char*)output, buff, output_buffer->length - output_buffer->offset);
return true; return true;
}
case cJSON_True: case cJSON_True:
output = ensure(output_buffer, 5); {
const char buff[] = "true";
output = ensure(output_buffer, sizeof(buff));
if (output == NULL) if (output == NULL)
{ {
return false; return false;
} }
strcpy((char*)output, "true"); strncpy((char*)output, buff, output_buffer->length - output_buffer->offset);
return true; return true;
}
case cJSON_Number: case cJSON_Number:
return print_number(item, output_buffer); return print_number(item, output_buffer);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册