Page MenuHome GnuPG
Create Task
Maniphest T4328

Missing case distinction for value "NaN" and "Inf" of IEEE floating point variable in function print_number(...) in the file cJSON.c:176
Closed, ResolvedPublic
Actions

Description

(SYSTEM: ArchLinux - current version, gpgme version 1.12.0)
In print_number of cJSON.c is not able to print "NaN" or "inf", if this values are in a cJSON-object. “NaN” or “inf” are possible states of IEEE 754 floating point representation.

FIX:

static char * print_number (cJSON * item){
...
 Else {
    str = xtrymalloc (64);  /* This is a nice tradeoff. */
    if (str){
    if (fabs (floor (d) - d) <= DBL_EPSILON && fabs (d) < 1.0e60)
      sprintf (str, "%.0f", d);
    else if (fabs (d) < 1.0e-6 || fabs (d) > 1.0e9)
      sprintf (str, "%e", d);
+    else if( isnan(n) || isinf(n) )  {
+      sprintf (str, "%s", “nan or inf”);
+    }
    else
      sprintf (str, "%f", d);
  }

found with libFuzzer and ASAN by clang 7.0.1

regards
Sirko Höer
Code Intelligence GmbH

Details

Version
1.12.0

Revisions and Commits

rM GPGME
rMf56c996318df json: Print "nan", "-inf", "inf" if needed.

Event Timeline

Hoeer.Code-Intelligence created this task.Jan 18 2019, 10:18 PM
aheinecke claimed this task.Jan 23 2019, 8:42 AM
aheinecke triaged this task as Normal priority.
aheinecke added a subscriber: aheinecke.

Thanks, I don't think that it is a problem for our usecase but the fix is trivial and we should apply it.

werner added a commit: rMf56c996318df: json: Print "nan", "-inf", "inf" if needed..Jun 4 2019, 10:57 AM
werner closed this task as Resolved.Jun 4 2019, 10:58 AM
werner added a subscriber: werner.

Fixed similar to the suggestion but NaN and INF are detected earlier.