summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2014-04-10Update the ChangeLog with the changes for the 0.12 release.b2g-0.12Eric Haszlakiewicz2-2/+34
Bump the version in the release checklist.
2014-04-09Patch to address the following issues:Michael Clark11-13/+691
* CVE-2013-6371: hash collision denial of service * CVE-2013-6370: buffer overflow if size_t is larger than int
2014-03-22Eliminate the deprecated mc_abort() function and MC_ABORT macro.Eric Haszlakiewicz2-23/+0
2014-03-22Make the json_tokener_errors array local. It has been deprecated for a ↵Eric Haszlakiewicz2-10/+1
while, and json_tokener_error_desc() should be used instead.
2014-03-22Simplify the tests Makefile to avoid repeating the name of each test.Eric Haszlakiewicz2-18/+20
2014-03-22Rename the "test_case" test to "test_charcase" to make it slightly less ↵Eric Haszlakiewicz5-27/+5
confusing.
2014-03-22Fix warnings from autoconf about "...no AC_LANG_SOURCE call detected..." by ↵Eric Haszlakiewicz1-2/+2
adding that call within the AC_LINK_IFELSE call.
2014-03-22Issue #103: allow Infinity and -Infinity to be parsed.Eric Haszlakiewicz7-2/+97
2014-03-22Merge pull request #123 from fingon/use-NAN-if-availableEric Haszlakiewicz1-1/+6
nan function requires -lm on some platforms - use of NAN is better, if available
2014-03-18nan function requires -lm on some platforms; use of NAN is better, if available.Markus Stenberg1-1/+6
2014-03-09Issue#102 - add support for parsing "NaN".Eric Haszlakiewicz6-10/+44
2014-03-02Issue#114: check for the presence of isnan and isinf, and provide compat ↵Eric Haszlakiewicz4-1/+42
macros on MSCV where _isnan and _finite exist instead.
2014-02-12Merge pull request #121 from TazeTSchnitzel/LowercaseLiteralsEric Haszlakiewicz3-0/+53
Missing lowercase literals test
2014-02-12Merge branch 'master' into LowercaseLiteralsAndrea Faulds3-0/+53
2014-02-12Missing testsAndrea Faulds3-0/+53
2014-02-11Merge commit '89535bb'Eric Haszlakiewicz1-0/+1
2014-02-11Merge pull request #112 from TazeTSchnitzel/LowercaseLiteralsEric Haszlakiewicz2-33/+50
Only allow lowercase literals in STRICT mode
2014-02-11Fix Issue #111: Fix off-by-one error when range checking the input to ↵Eric Haszlakiewicz1-1/+1
json_tokener_error_desc().
2014-02-11Merge pull request #109 from kdopen/use_strtodEric Haszlakiewicz1-1/+32
Avoid potential overflow in json_object_get_double
2014-02-11Merge branch 'ebassi-master'Eric Haszlakiewicz2-1/+27
2014-02-11Merge branch 'master' of https://github.com/ebassi/json-c into ebassi-masterEric Haszlakiewicz2-1/+27
Conflicts: Makefile.am
2014-02-11Ignore and cleanup a few more files that automake creates.Eric Haszlakiewicz3-1/+3
2014-02-11Issue#105: Rename configure.in to configure.acEric Haszlakiewicz1-0/+0
2014-02-11Remove the old libjson.so name compatibility support. The library is only ↵Eric Haszlakiewicz3-48/+1
created as libjson-c.so now and headers are only installed into the ${prefix}/json-c directory.
2013-11-18build: call AM_PROG_CC_C_O as requested by autoreconfRoss Burton1-0/+1
2013-11-14Only allow lowercase literals in STRICT modeAndrea Faulds2-33/+50
2013-10-01Avoid potential overflow in json_object_get_doubleKeith Derrick1-1/+32
sscanf is always a potential problem when converting numeric values as it does not correctly handle over- and underflow (or at least gives no indication that it has done so). This change converts json_object_get_double() to use strtod() according to CERT guidelines.
2013-09-17Add a check for the -Bsymbolic-functions linker flagEmmanuele Bassi2-2/+28
The -Bsymbolic-functions linker flag reduces the amount of PLT jumps in a shared object, and has a side effect of preventing symbol collisions in libraries and applications linking against two different shared objects exposing the same symbol. While the former is (generally) a performance win, the latter is less rare than expected. For instance, PulseAudio started linking against json-c a while ago; now, every project linking against PulseAudio is leaking json-c symbols. In the GNOME platform, this means that projects linking against PulseAudio cannot be safely linked against other libraries depending on the GLib-based JSON parsing libraries JSON-GLib, because of a symbol conflict. Nominally, this conflict would not be an issue: libraries and applications do not need to depend on two different JSON parsing libraries; the symbol leakage, though, ends up causing either segmentation faults, or weird errors. For further reference, please see: https://bugzilla.gnome.org/show_bug.cgi?id=703734 JSON-GLib already switched to using -Bsymbolic-functions, but it would be safe if json-c did the same, wherever the linker flag is available.
2013-09-11Issue #59: change the floating point output format to %.17g so values with ↵Eric Haszlakiewicz1-1/+1
more than 6 digits show up in the output.
2013-09-11Use sizeof instead of hard coded values when calling snprintf.Eric Haszlakiewicz1-4/+4
2013-09-11Added a json_object_new_double_s() convenience function to allow an exact ↵Eric Haszlakiewicz6-11/+83
string representation of a double to be specified when creating the object and use it in json_tokener_parse_ex() so a re-serialized object more exactly matches the input. Add json_object_free_userdata() and json_object_userdata_to_json_string() too.
2013-09-08Ignore the test-driver script that is now created, and the script for the ↵Eric Haszlakiewicz1-0/+2
test_locale test.
2013-09-08The updated test driver creates .log and .trs files; ignore them.Eric Haszlakiewicz1-0/+2
2013-09-08strndup is gone, remove it from the README file.Eric Haszlakiewicz1-1/+1
2013-09-08Merge pull request #97 from pascal-bach/masterEric Haszlakiewicz2-4/+4
Add const qualifiers to json_object_to_file and json_object_to_file_ext
2013-09-08Merge pull request #96 from rouault/remove_strdnupEric Haszlakiewicz4-31/+1
Remove redefinition of strndup() which is no longer used in the codebase
2013-09-08Merge pull request #95 from rouault/extern_json_object_set_serializerEric Haszlakiewicz1-1/+1
Add extern to json_object_set_serializer so that it gets exported (Windows fix)
2013-09-08Merge pull request #94 from remicollet/issue-strict2Eric Haszlakiewicz1-2/+14
more strictness
2013-09-08Merge pull request #93 from tmielika/masterEric Haszlakiewicz1-4/+5
fixing problem that isinf(-Inf) can be 1 or -1
2013-09-08Merge pull request #104 from ↵Eric Haszlakiewicz1-1/+1
rouault/fix_json_tokener_error_desc_out_of_bounds_read Fix potential out-of-bounds read in json_tokener_error_desc
2013-09-08Fix potential out-of-bounds read in json_tokener_error_descEven Rouault1-1/+1
Found by Coverity. The number of elements of an array 'ar' is found by sizeof(ar)/sizeof(ar[0]) and not sizeof(ar) 76const char *json_tokener_error_desc(enum json_tokener_error jerr) 77{ 78 int jerr_int = (int)jerr; 1. Condition "jerr_int < 0", taking false branch 2. Condition "jerr_int > 112 /* (int)sizeof (gdal_json_tokener_errors) */", taking false branch 79 if (jerr_int < 0 || jerr_int > (int)sizeof(json_tokener_errors)) 80 return "Unknown error, invalid json_tokener_error value passed to json_tokener_error_desc()"; CID 1076806 (#1 of 1): Out-of-bounds read (OVERRUN)3. overrun-local: Overrunning array "gdal_json_tokener_errors" of 14 8-byte elements at element index 112 (byte offset 896) using index "jerr" (which evaluates to 112). 81 return json_tokener_errors[jerr]; 82}
2013-08-23trailing char not allowed in strict modeRemi Collet1-0/+7
2013-08-21no comment in strict modeRemi Collet1-1/+1
2013-08-13Update json_utilPascal Bach2-4/+4
filename should be passed as const char* to functions json_object_to_file and json_object_to_file
2013-08-12Remove redefinition of strndup() which is no longer used in the codebaseEven Rouault4-31/+1
2013-08-11Add extern to json_object_set_serializer so that it gets exported (Windows fix)Even Rouault1-1/+1
2013-08-06no single-quote string in strict modeRemi Collet1-1/+6
2013-08-04fixing problem that isinf(-Inf) can be 1 or -1Taneli Mielikainen1-4/+5
2013-06-29Eliminate use of MC_ABORT in json-c code, and mark MC_ABORT/mc_abort deprecated.Eric Haszlakiewicz2-2/+9
Also adjust an error message in json_util to make it unique. Fixes #87.
2013-06-29Issue#84: explicitly remove old headers and include/json directory so ↵Eric Haszlakiewicz1-0/+6
creating the compat symlink can work.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-10 07:56:00 +0000