Import latest CJSON and libcbor. (#1223)

Author: TingDaoK

THIRD-PARTY-LICENSES.txt

@@ -34,7 +34,7 @@ SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 ------
 
-** cJSON; version 1.7.18 -- https://github.com/DaveGamble/cJSON
+** cJSON; version 1.7.19 -- https://github.com/DaveGamble/cJSON
 Copyright (c) 2009-2017 Dave Gamble and cJSON contributors
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
@@ -57,7 +57,7 @@ THE SOFTWARE.
 
 ------
 
-** libcbor; version 0.12.0 -- https://github.com/PJK/libcbor
+** libcbor; version 0.13.0 -- https://github.com/PJK/libcbor
 Copyright (c) 2014-2017 Pavel Kalvoda
 
 MIT License

scripts/import_libcbor.py

@@ -64,6 +64,7 @@ def parse_version(version_string):
 /* Ignore the compiler warnings for libcbor. */
 #ifdef _MSC_VER
 #    pragma warning(disable : 4028)
+#    pragma warning(disable : 4189)
 #    pragma warning(disable : 4715)
 #    pragma warning(disable : 4232)
 #    pragma warning(disable : 4068)

source/external/cJSON.c

@@ -127,7 +127,7 @@ CJSON_PUBLIC(double) cJSON_GetNumberValue(const cJSON * const item)
 }
 
 /* This is a safeguard to prevent copy-pasters from using incompatible C and header files */
-#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 18)
+#if (CJSON_VERSION_MAJOR != 1) || (CJSON_VERSION_MINOR != 7) || (CJSON_VERSION_PATCH != 19)
     #error cJSON.h and cJSON.c have different versions. Make sure that both have the same.
 #endif
 
@@ -318,9 +318,11 @@ static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_bu
 {
     double number = 0;
     unsigned char *after_end = NULL;
-    unsigned char number_c_string[64];
+    unsigned char *number_c_string;
     unsigned char decimal_point = get_decimal_point();
     size_t i = 0;
+    size_t number_string_length = 0;
+    cJSON_bool has_decimal_point = false;
 
     if ((input_buffer == NULL) || (input_buffer->content == NULL))
     {
@@ -330,7 +332,7 @@ static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_bu
     /* copy the number into a temporary buffer and replace '.' with the decimal point
      * of the current locale (for strtod)
      * This also takes care of '\0' not necessarily being available for marking the end of the input */
-    for (i = 0; (i < (sizeof(number_c_string) - 1)) && can_access_at_index(input_buffer, i); i++)
+    for (i = 0; can_access_at_index(input_buffer, i); i++)
     {
         switch (buffer_at_offset(input_buffer)[i])
         {
@@ -348,23 +350,46 @@ static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_bu
             case '-':
             case 'e':
             case 'E':
-                number_c_string[i] = buffer_at_offset(input_buffer)[i];
+                number_string_length++;
                 break;
 
             case '.':
-                number_c_string[i] = decimal_point;
+                number_string_length++;
+                has_decimal_point = true;
                 break;
 
             default:
                 goto loop_end;
         }
     }
 loop_end:
-    number_c_string[i] = '\0';
+    /* malloc for temporary buffer, add 1 for '\0' */
+    number_c_string = (unsigned char *) input_buffer->hooks.allocate(number_string_length + 1);
+    if (number_c_string == NULL)
+    {
+        return false; /* allocation failure */
+    }
+
+    memcpy(number_c_string, buffer_at_offset(input_buffer), number_string_length);
+    number_c_string[number_string_length] = '\0';
+
+    if (has_decimal_point)
+    {
+        for (i = 0; i < number_string_length; i++)
+        {
+            if (number_c_string[i] == '.')
+            {
+                /* replace '.' with the decimal point of the current locale (for strtod) */
+                number_c_string[i] = decimal_point;
+            }
+        }
+    }
 
     number = strtod((const char*)number_c_string, (char**)&after_end);
     if (number_c_string == after_end)
     {
+        /* free the temporary buffer */
+        input_buffer->hooks.deallocate(number_c_string);
         return false; /* parse_error */
     }
 
@@ -387,6 +412,8 @@ static cJSON_bool parse_number(cJSON * const item, parse_buffer * const input_bu
     item->type = cJSON_Number;
 
     input_buffer->offset += (size_t)(after_end - number_c_string);
+    /* free the temporary buffer */
+    input_buffer->hooks.deallocate(number_c_string);
     return true;
 }
 
@@ -413,6 +440,8 @@ CJSON_PUBLIC(double) cJSON_SetNumberHelper(cJSON *object, double number)
 CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
 {
     char *copy = NULL;
+    size_t v1_len;
+    size_t v2_len;
     /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
     if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
     {
@@ -423,8 +452,17 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
     {
         return NULL;
     }
-    if (strlen(valuestring) <= strlen(object->valuestring))
+
+    v1_len = strlen(valuestring);
+    v2_len = strlen(object->valuestring);
+
+    if (v1_len <= v2_len)
     {
+        /* strcpy does not handle overlapping string: [X1, X2] [Y1, Y2] => X2 < Y1 or Y2 < X1 */
+        if (!( valuestring + v1_len < object->valuestring || object->valuestring + v2_len < valuestring ))
+        {
+            return NULL;
+        }
         strcpy(object->valuestring, valuestring);
         return object->valuestring;
     }
@@ -2218,7 +2256,7 @@ CJSON_PUBLIC(cJSON*) cJSON_AddArrayToObject(cJSON * const object, const char * c
 
 CJSON_PUBLIC(cJSON *) cJSON_DetachItemViaPointer(cJSON *parent, cJSON * const item)
 {
-    if ((parent == NULL) || (item == NULL))
+    if ((parent == NULL) || (item == NULL) || (item != parent->child && item->prev == NULL))
     {
         return NULL;
     }
@@ -2740,7 +2778,14 @@ CJSON_PUBLIC(cJSON *) cJSON_CreateStringArray(const char *const *strings, int co
 }
 
 /* Duplication */
+cJSON * cJSON_Duplicate_rec(const cJSON *item, size_t depth, cJSON_bool recurse);
+
 CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse)
+{
+    return cJSON_Duplicate_rec(item, 0, recurse );
+}
+
+cJSON * cJSON_Duplicate_rec(const cJSON *item, size_t depth, cJSON_bool recurse)
 {
     cJSON *newitem = NULL;
     cJSON *child = NULL;
@@ -2787,7 +2832,10 @@ CJSON_PUBLIC(cJSON *) cJSON_Duplicate(const cJSON *item, cJSON_bool recurse)
     child = item->child;
     while (child != NULL)
     {
-        newchild = cJSON_Duplicate(child, true); /* Duplicate (with recurse) each item in the ->next chain */
+        if(depth >= CJSON_CIRCULAR_LIMIT) {
+            goto fail;
+        }
+        newchild = cJSON_Duplicate_rec(child, depth + 1, true); /* Duplicate (with recurse) each item in the ->next chain */
         if (!newchild)
         {
             goto fail;

source/external/cJSON.h

@@ -88,7 +88,7 @@ then using the CJSON_API_VISIBILITY flag to "export" the same symbols the way CJ
 /* project version */
 #define CJSON_VERSION_MAJOR 1
 #define CJSON_VERSION_MINOR 7
-#define CJSON_VERSION_PATCH 18
+#define CJSON_VERSION_PATCH 19
 
 #include <stddef.h>
 
@@ -144,6 +144,12 @@ typedef int cJSON_bool;
 #define CJSON_NESTING_LIMIT 1000
 #endif
 
+/* Limits the length of circular references can be before cJSON rejects to parse them.
+ * This is to prevent stack overflows. */
+#ifndef CJSON_CIRCULAR_LIMIT
+#define CJSON_CIRCULAR_LIMIT 10000
+#endif
+
 /* returns the version of cJSON as a string */
 CJSON_PUBLIC(const char*) cJSON_Version(void);
 

source/external/libcbor/cbor.c

@@ -5,6 +5,9 @@
  * it under the terms of the MIT license. See LICENSE for details.
  */
 
+#include <stdbool.h>
+#include <string.h>
+
 #include "cbor.h"
 #include "cbor/internal/builder_callbacks.h"
 #include "cbor/internal/loaders.h"
@@ -115,6 +118,9 @@ cbor_item_t* cbor_load(cbor_data source, size_t source_size,
 }
 
 static cbor_item_t* _cbor_copy_int(cbor_item_t* item, bool negative) {
+  CBOR_ASSERT(cbor_isa_uint(item) || cbor_isa_negint(item));
+  CBOR_ASSERT(cbor_int_get_width(item) >= CBOR_INT_8 &&
+              cbor_int_get_width(item) <= CBOR_INT_64);
   cbor_item_t* res = NULL;
   switch (cbor_int_get_width(item)) {
     case CBOR_INT_8:
@@ -137,6 +143,9 @@ static cbor_item_t* _cbor_copy_int(cbor_item_t* item, bool negative) {
 }
 
 static cbor_item_t* _cbor_copy_float_ctrl(cbor_item_t* item) {
+  CBOR_ASSERT(cbor_isa_float_ctrl(item));
+  CBOR_ASSERT(cbor_float_get_width(item) >= CBOR_FLOAT_0 &&
+              cbor_float_get_width(item) <= CBOR_FLOAT_64);
   switch (cbor_float_get_width(item)) {
     case CBOR_FLOAT_0:
       return cbor_build_ctrl(cbor_ctrl_value(item));
@@ -146,13 +155,14 @@ static cbor_item_t* _cbor_copy_float_ctrl(cbor_item_t* item) {
       return cbor_build_float4(cbor_float_get_float4(item));
     case CBOR_FLOAT_64:
       return cbor_build_float8(cbor_float_get_float8(item));
-    default:
+    default:  // LCOV_EXCL_START
       _CBOR_UNREACHABLE;
-      return NULL;
+      return NULL;  // LCOV_EXCL_START
   }
 }
 
 cbor_item_t* cbor_copy(cbor_item_t* item) {
+  CBOR_ASSERT_VALID_TYPE(cbor_typeof(item));
   switch (cbor_typeof(item)) {
     case CBOR_TYPE_UINT:
       return _cbor_copy_int(item, false);
@@ -283,9 +293,138 @@ cbor_item_t* cbor_copy(cbor_item_t* item) {
     }
     case CBOR_TYPE_FLOAT_CTRL:
       return _cbor_copy_float_ctrl(item);
-    default:
+    default:  // LCOV_EXCL_START
+      _CBOR_UNREACHABLE;
+      return NULL;  // LCOV_EXCL_STOP
+  }
+}
+
+cbor_item_t* cbor_copy_definite(cbor_item_t* item) {
+  CBOR_ASSERT_VALID_TYPE(cbor_typeof(item));
+  switch (cbor_typeof(item)) {
+    case CBOR_TYPE_UINT:
+    case CBOR_TYPE_NEGINT:
+      return cbor_copy(item);
+    case CBOR_TYPE_BYTESTRING:
+      if (cbor_bytestring_is_definite(item)) {
+        return cbor_copy(item);
+      } else {
+        size_t total_length = 0;
+        for (size_t i = 0; i < cbor_bytestring_chunk_count(item); i++) {
+          total_length +=
+              cbor_bytestring_length(cbor_bytestring_chunks_handle(item)[i]);
+        }
+
+        unsigned char* combined_data = _cbor_malloc(total_length);
+        if (combined_data == NULL) {
+          return NULL;
+        }
+
+        size_t offset = 0;
+        for (size_t i = 0; i < cbor_bytestring_chunk_count(item); i++) {
+          cbor_item_t* chunk = cbor_bytestring_chunks_handle(item)[i];
+          memcpy(combined_data + offset, cbor_bytestring_handle(chunk),
+                 cbor_bytestring_length(chunk));
+          offset += cbor_bytestring_length(chunk);
+        }
+
+        cbor_item_t* res = cbor_new_definite_bytestring();
+        cbor_bytestring_set_handle(res, combined_data, total_length);
+        return res;
+      }
+    case CBOR_TYPE_STRING:
+      if (cbor_string_is_definite(item)) {
+        return cbor_copy(item);
+      } else {
+        size_t total_length = 0;
+        for (size_t i = 0; i < cbor_string_chunk_count(item); i++) {
+          total_length +=
+              cbor_string_length(cbor_string_chunks_handle(item)[i]);
+        }
+
+        unsigned char* combined_data = _cbor_malloc(total_length);
+        if (combined_data == NULL) {
+          return NULL;
+        }
+
+        size_t offset = 0;
+        for (size_t i = 0; i < cbor_string_chunk_count(item); i++) {
+          cbor_item_t* chunk = cbor_string_chunks_handle(item)[i];
+          memcpy(combined_data + offset, cbor_string_handle(chunk),
+                 cbor_string_length(chunk));
+          offset += cbor_string_length(chunk);
+        }
+
+        cbor_item_t* res = cbor_new_definite_string();
+        cbor_string_set_handle(res, combined_data, total_length);
+        return res;
+      }
+    case CBOR_TYPE_ARRAY: {
+      cbor_item_t* res = cbor_new_definite_array(cbor_array_size(item));
+      if (res == NULL) {
+        return NULL;
+      }
+
+      for (size_t i = 0; i < cbor_array_size(item); i++) {
+        cbor_item_t* entry_copy =
+            cbor_copy_definite(cbor_array_handle(item)[i]);
+        if (entry_copy == NULL) {
+          cbor_decref(&res);
+          return NULL;
+        }
+        // Cannot fail since we have a definite array preallocated
+        // cppcheck-suppress syntaxError
+        const bool item_pushed _CBOR_UNUSED = cbor_array_push(res, entry_copy);
+        CBOR_ASSERT(item_pushed);
+        cbor_decref(&entry_copy);
+      }
+      return res;
+    }
+    case CBOR_TYPE_MAP: {
+      cbor_item_t* res;
+      res = cbor_new_definite_map(cbor_map_size(item));
+      if (res == NULL) {
+        return NULL;
+      }
+
+      struct cbor_pair* it = cbor_map_handle(item);
+      for (size_t i = 0; i < cbor_map_size(item); i++) {
+        cbor_item_t* key_copy = cbor_copy_definite(it[i].key);
+        if (key_copy == NULL) {
+          cbor_decref(&res);
+          return NULL;
+        }
+        cbor_item_t* value_copy = cbor_copy_definite(it[i].value);
+        if (value_copy == NULL) {
+          cbor_decref(&res);
+          cbor_decref(&key_copy);
+          return NULL;
+        }
+        // Cannot fail since we have a definite map preallocated
+        // cppcheck-suppress syntaxError
+        const bool item_added _CBOR_UNUSED = cbor_map_add(
+            res, (struct cbor_pair){.key = key_copy, .value = value_copy});
+        CBOR_ASSERT(item_added);
+        cbor_decref(&key_copy);
+        cbor_decref(&value_copy);
+      }
+      return res;
+    }
+    case CBOR_TYPE_TAG: {
+      cbor_item_t* item_copy =
+          cbor_copy_definite(cbor_move(cbor_tag_item(item)));
+      if (item_copy == NULL) {
+        return NULL;
+      }
+      cbor_item_t* tag = cbor_build_tag(cbor_tag_value(item), item_copy);
+      cbor_decref(&item_copy);
+      return tag;
+    }
+    case CBOR_TYPE_FLOAT_CTRL:
+      return cbor_copy(item);
+    default:  // LCOV_EXCL_START
       _CBOR_UNREACHABLE;
-      return NULL;
+      return NULL;  // LCOV_EXCL_STOP
   }
 }
 
@@ -309,6 +448,8 @@ static void _cbor_type_marquee(FILE* out, char* label, int indent) {
 }
 
 static void _cbor_nested_describe(cbor_item_t* item, FILE* out, int indent) {
+  CBOR_ASSERT(cbor_typeof(item) >= CBOR_TYPE_UINT &&
+              cbor_typeof(item) <= CBOR_TYPE_FLOAT_CTRL);
   const int indent_offset = 4;
   switch (cbor_typeof(item)) {
     case CBOR_TYPE_UINT: {