--- /dev/null
+From 31531a6e6b5641398237ce15b7e62da02d975fc6 Mon Sep 17 00:00:00 2001
+From: Like Ma <likemartinma@gmail.com>
+Date: Sat, 2 Dec 2023 19:55:55 +0800
+Subject: [PATCH] Fix for CVE-2023-33460a
+
+Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
+See https://github.com/lloyd/yajl/issues/250#issuecomment-1628695214
+
+Origin: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
+Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1039984
+Bug: https://github.com/lloyd/yajl/issues/250
+---
+ src/yajl_tree.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/src/yajl_tree.c
++++ b/src/yajl_tree.c
+@@ -143,7 +143,7 @@ static yajl_val context_pop(context_t *c
+ ctx->stack = stack->next;
+
+ v = stack->value;
+-
++ free (stack->key);
+ free (stack);
+
+ return (v);
+@@ -444,7 +444,14 @@ yajl_val yajl_tree_parse (const char *in
+ snprintf(error_buffer, error_buffer_size, "%s", internal_err_str);
+ YA_FREE(&(handle->alloc), internal_err_str);
+ }
++ while(ctx.stack != NULL) {
++ yajl_val v = context_pop(&ctx);
++ yajl_tree_free(v);
++ }
+ yajl_free (handle);
++ //If the requested memory is not released in time, it will cause memory leakage
++ if(ctx.root)
++ yajl_tree_free(ctx.root);
+ return NULL;
+ }
+
+++ /dev/null
---- a/reformatter/CMakeLists.txt
-+++ b/reformatter/CMakeLists.txt
-@@ -26,7 +26,7 @@ LINK_DIRECTORIES(${CMAKE_CURRENT_BINARY_
-
- ADD_EXECUTABLE(json_reformat ${SRCS})
-
--TARGET_LINK_LIBRARIES(json_reformat yajl_s)
-+TARGET_LINK_LIBRARIES(json_reformat yajl_s m)
-
- # In some environments, we must explicitly link libm (like qnx,
- # thanks @shahbag)
+++ /dev/null
---- a/perf/CMakeLists.txt
-+++ b/perf/CMakeLists.txt
-@@ -20,4 +20,4 @@ LINK_DIRECTORIES(${CMAKE_CURRENT_BINARY_
-
- ADD_EXECUTABLE(perftest ${SRCS})
-
--TARGET_LINK_LIBRARIES(perftest yajl_s)
-+TARGET_LINK_LIBRARIES(perftest yajl_s m)
projects / feed / packages.git / commitdiff