Most of the crashes found by AFL are because Unicode handling is broken. \u followed by something that is not a number will in most cases crash the library.
Unfortunately, this part of the code is one of those parts that I don't really understand how it works, so I didn't rewrite it when I did the fork.
Nevertheless, this definitely needs to be tackled. There's a patch in cJSON that fixes it; I may be able to port it over: https://github.com/DaveGamble/cJSON/commit/ee579ecbd69447c6f43ecb22f9f3d3102580138b
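For reference, the failure mode described above (a `\u` escape followed by something that is not a hex number, or cut off before four digits) is exactly the input an escape decoder has to reject instead of trusting. The following is an added example written for this page, not code from cJSON, this fork, or the linked commit, and all function names in it are this example's own. It decodes JSON `\uXXXX` escapes with bounds and digit checks, handles UTF-16 surrogate pairs, and returns an error for truncated escapes, non-hex digits, and lone or mismatched surrogates.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Added example: bounds-checked decoder for JSON \uXXXX escapes.
 * Not code from cJSON, this fork, or the linked commit. */

/* Value of a hex digit, or -1 if c is not one. */
static int hex_value(unsigned char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Parse exactly four hex digits at p without reading past end.
 * Returns 0 on success, -1 if the input is too short or not hex. */
static int parse_hex4(const char *p, const char *end, uint32_t *out)
{
    uint32_t v = 0;
    if (end - p < 4) return -1;              /* e.g. "\u12" at end of input */
    for (int i = 0; i < 4; i++) {
        int d = hex_value((unsigned char)p[i]);
        if (d < 0) return -1;                /* e.g. "\uzzzz" */
        v = (v << 4) | (uint32_t)d;
    }
    *out = v;
    return 0;
}

/* Decode one \u escape; p points just after "\u". Handles surrogate pairs.
 * On success stores the code point and the bytes consumed after "\u". */
int decode_u_escape(const char *p, const char *end, uint32_t *cp, size_t *consumed)
{
    uint32_t hi, lo;
    if (parse_hex4(p, end, &hi) != 0) return -1;
    if (hi >= 0xDC00 && hi <= 0xDFFF) return -1;          /* lone low surrogate */
    if (hi >= 0xD800 && hi <= 0xDBFF) {                   /* high surrogate: need "\uDCxx" next */
        if (end - (p + 4) < 6 || p[4] != '\\' || p[5] != 'u') return -1;
        if (parse_hex4(p + 6, end, &lo) != 0) return -1;
        if (lo < 0xDC00 || lo > 0xDFFF) return -1;        /* second half is not a low surrogate */
        *cp = 0x10000 + ((hi - 0xD800) << 10) + (lo - 0xDC00);
        *consumed = 10;
        return 0;
    }
    *cp = hi;
    *consumed = 4;
    return 0;
}

/* Encode a code point as UTF-8 into out (up to 4 bytes); returns bytes written. */
static size_t encode_utf8(uint32_t cp, unsigned char *out)
{
    if (cp < 0x80)    { out[0] = (unsigned char)cp; return 1; }
    if (cp < 0x800)   { out[0] = 0xC0 | (cp >> 6); out[1] = 0x80 | (cp & 0x3F); return 2; }
    if (cp < 0x10000) { out[0] = 0xE0 | (cp >> 12); out[1] = 0x80 | ((cp >> 6) & 0x3F);
                        out[2] = 0x80 | (cp & 0x3F); return 3; }
    out[0] = 0xF0 | (cp >> 18); out[1] = 0x80 | ((cp >> 12) & 0x3F);
    out[2] = 0x80 | ((cp >> 6) & 0x3F); out[3] = 0x80 | (cp & 0x3F); return 4;
}

/* Unescape the body of a JSON string (no surrounding quotes) into out.
 * Returns the output length, or -1 on malformed input or insufficient space. */
long unescape_json_string(const char *in, size_t inlen, char *out, size_t outlen)
{
    const char *p = in, *end = in + inlen;
    size_t o = 0;
    while (p < end) {
        if (*p != '\\') { if (o + 1 > outlen) return -1; out[o++] = *p++; continue; }
        if (end - p < 2) return -1;          /* trailing lone backslash */
        p++;
        if (*p == 'u') {
            uint32_t cp; size_t used; unsigned char buf[4]; size_t n;
            if (decode_u_escape(p + 1, end, &cp, &used) != 0) return -1;
            n = encode_utf8(cp, buf);
            if (o + n > outlen) return -1;
            memcpy(out + o, buf, n); o += n; p += 1 + used;
            continue;
        }
        char c;
        switch (*p) {
        case '"': c = '"'; break;  case '\\': c = '\\'; break; case '/': c = '/'; break;
        case 'b': c = '\b'; break; case 'f': c = '\f'; break;  case 'n': c = '\n'; break;
        case 'r': c = '\r'; break; case 't': c = '\t'; break;
        default: return -1;                  /* unknown escape */
        }
        if (o + 1 > outlen) return -1;
        out[o++] = c; p++;
    }
    return (long)o;
}

/* Helpers for checking behaviour: 1 if input decodes to expected / is rejected. */
int check_unescape(const char *in, const char *expected)
{
    char out[64];
    long n = unescape_json_string(in, strlen(in), out, sizeof out);
    return n >= 0 && (size_t)n == strlen(expected) && memcmp(out, expected, (size_t)n) == 0;
}
int check_rejects(const char *in)
{
    char out[64];
    return unescape_json_string(in, strlen(in), out, sizeof out) == -1;
}

int main(void)
{
    /* Constructed inputs: the malformed ones are the kind AFL produces. */
    printf("valid escape: %d\n", check_unescape("a\\u0041b", "aAb"));
    printf("non-hex after \\u rejected: %d\n", check_rejects("\\uzzzz"));
    printf("truncated \\u rejected: %d\n", check_rejects("\\u12"));
    return 0;
}
```

The key difference from a decoder that assumes well-formed input is that every read after `\u` is preceded by a length check and every digit is validated, so a fuzzer-produced `\u` followed by garbage becomes a clean parse error rather than an out-of-bounds read.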