sofa-pbrpc

Fix a null pointer dereference bug in function parse_msg

Open mugitya03 opened this issue 10 months ago • 0 comments

In function field2json, if repeated = false, the NULL value of json is returned to the caller.

static rapidjson::Value* field2json(const Message *msg, const FieldDescriptor *field,
        rapidjson::Value::AllocatorType& allocator)
{
    ...
    rapidjson::Value* json = NULL;
    if (repeated)
    {
        json = new rapidjson::Value(rapidjson::kArrayType);
    }
    ...
    return json;
}

In caller function parse_msg, the return value of function field2json is dereferenced without any null value check, causing a null pointer dereference bug.

            rapidjson::Value* field_json = field2json(msg, field, allocator);
            root->AddMember(name, *field_json, allocator);

mugitya03 Mar 10 '25 01:03
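A guarded version of the call pattern reported above, as an added example that is not part of the issue or of sofa-pbrpc's code. `JsonValue` and `Field` are stand-in types assumed here in place of `rapidjson::Value` and `FieldDescriptor`, and skipping a null result is only one possible way to handle it.

```cpp
#include <cstddef>
#include <map>
#include <memory>
#include <string>
#include <vector>

// Stand-in types (assumptions): JsonValue replaces rapidjson::Value and
// Field replaces protobuf's FieldDescriptor so the example builds alone.
struct JsonValue { std::vector<int> items; };
struct Field { std::string name; bool repeated; std::vector<int> values; };

// Same shape as the excerpt: the result stays null unless the field is repeated.
static std::unique_ptr<JsonValue> field2json(const Field& field)
{
    std::unique_ptr<JsonValue> json;
    if (field.repeated)
    {
        json.reset(new JsonValue());
        json->items = field.values;
    }
    return json;
}

// Caller with the missing check added: a null result is skipped and counted
// instead of being dereferenced. unique_ptr also frees the value after the copy.
static std::size_t parse_msg(const std::vector<Field>& fields,
                             std::map<std::string, JsonValue>& root)
{
    std::size_t skipped = 0;
    for (const Field& field : fields)
    {
        std::unique_ptr<JsonValue> field_json = field2json(field);
        if (!field_json)
        {
            ++skipped;  // the unguarded caller would dereference null here
            continue;
        }
        root[field.name] = *field_json;
    }
    return skipped;
}

int main()
{
    // Constructed sample input: one repeated field, one non-repeated field.
    std::vector<Field> fields = { {"ids", true, {1, 2, 3}}, {"count", false, {7}} };
    std::map<std::string, JsonValue> root;
    return parse_msg(fields, root) == 1 ? 0 : 1;
}
```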