jplist: Fix NULL pointer dereference by handling errors from unescape_string correctly Credit to OSS-Fuzz

commit: 088cdab964e6cd88b7f15f36eb3e08d38189cd21 [log] [tgz]
author: Nikias Bassen <nikias@gmx.li> Fri Jan 28 22:11:00 2022 +0100
committer: Nikias Bassen <nikias@gmx.li> Fri Jan 28 22:12:09 2022 +0100
tree: c34ccf3bbd7db715dabf76adccb8decda5f502a4
parent: 6ef1c269792ece2842f65b4b6966ebac3b21a8e3 [diff]
diff --git a/src/jplist.c b/src/jplist.c
index ace4bff..c149d20 100644
--- a/src/jplist.c
+++ b/src/jplist.c

@@ -549,6 +549,9 @@
 
     size_t str_len = 0; ;
     char* strval = unescape_string(js + tokens[*index].start, tokens[*index].end - tokens[*index].start, &str_len);
+    if (!strval) {
+        return NULL;
+    }
     plist_t node;
 
     plist_data_t data = plist_new_plist_data();
@@ -612,6 +615,9 @@
     for (num = 0; num < num_tokens; num++) {
         if (tokens[j].type == JSMN_STRING) {
             char* key = unescape_string(js + tokens[j].start, tokens[j].end - tokens[j].start, NULL);
+            if (!key) {
+                return NULL;
+            }
             plist_t val = NULL;
             j++;
             num++;
commit	088cdab964e6cd88b7f15f36eb3e08d38189cd21	[log] [tgz]
author	Nikias Bassen <nikias@gmx.li>	Fri Jan 28 22:11:00 2022 +0100
committer	Nikias Bassen <nikias@gmx.li>	Fri Jan 28 22:12:09 2022 +0100
tree	c34ccf3bbd7db715dabf76adccb8decda5f502a4
parent	6ef1c269792ece2842f65b4b6966ebac3b21a8e3 [diff]