jplist: Fix NULL pointer dereference by handling errors from unescape_string correctly
Credit to OSS-Fuzz
diff --git a/src/jplist.c b/src/jplist.c
index ace4bff..c149d20 100644
--- a/src/jplist.c
+++ b/src/jplist.c
@@ -549,6 +549,9 @@
size_t str_len = 0; ;
char* strval = unescape_string(js + tokens[*index].start, tokens[*index].end - tokens[*index].start, &str_len);
+ if (!strval) {
+ return NULL;
+ }
plist_t node;
plist_data_t data = plist_new_plist_data();
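Review bot: The new `if (!strval)` guard returns NULL with no comment or diagnostic, so a reader cannot tell that a failed unescape of attacker-controlled JSON is meant to abort the whole parse. A one-line comment above the check would make that explicit, e.g. `/* unescape_string() failed on this token: propagate NULL as a parse error */`. The guard sits before `plist_new_plist_data()`, so nothing allocated in the visible lines is left behind on this path. The enclosing function starts and ends outside the hunk, so whether every caller checks for the NULL result cannot be confirmed from here.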
@@ -612,6 +615,9 @@
for (num = 0; num < num_tokens; num++) {
if (tokens[j].type == JSMN_STRING) {
char* key = unescape_string(js + tokens[j].start, tokens[j].end - tokens[j].start, NULL);
+ if (!key) {
+ return NULL;
+ }
plist_t val = NULL;
j++;
num++;
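Review bot: The `return NULL` added inside the `for` loop exits while the function is still filling a container, so any node allocated before the loop would be leaked each time a malformed key is seen. That allocation is not visible in this hunk, so this is an inference to confirm against the full function. If such an object exists, release it before returning, e.g. `if (!key) { plist_free(obj); return NULL; }`, where `obj` is a placeholder for whatever the function created before the loop. Fuzzed or hostile input can hit this path repeatedly, so a per-document leak matters for long-running consumers. The enclosing function starts and ends outside the hunk.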