Skip to content

fix: avoid NULL deref in cjson.encode_indent() with no args / nil#124

Open
perfgao wants to merge 1 commit into
openresty:masterfrom
perfgao:fix/encode-indent-null-deref
Open

fix: avoid NULL deref in cjson.encode_indent() with no args / nil#124
perfgao wants to merge 1 commit into
openresty:masterfrom
perfgao:fix/encode-indent-null-deref

Conversation

@perfgao
Copy link
Copy Markdown

@perfgao perfgao commented May 28, 2026

Summary

Calling cjson.encode_indent() or cjson.encode_indent(nil) crashes with SIGSEGV.

Root cause: DEFAULT_ENCODE_INDENT is NULL (lua_cjson.c:95). json_string_option skips assignment when the argument is nil, so cfg->encode_indent stays NULL, and the subsequent cfg->encode_indent[0] == '\0' check at line 436 dereferences NULL.

Fix: NULL-check before reading the first byte.

Repro

local cjson = require "cjson"
cjson.encode_indent()      -- crashes
cjson.encode_indent(nil)   -- crashes

Test plan

  • cjson.encode_indent() no longer crashes; returns current indent setting.
  • cjson.encode_indent(nil) same as above.
  • cjson.encode_indent(" ") still works.

@perfgao @claude
fix: avoid NULL deref in cjson.encode_indent() when called with no ar…
df972e8 
…gs / nil

DEFAULT_ENCODE_INDENT is NULL and json_string_option skips assignment when
the argument is nil, so cfg->encode_indent[0] dereferenced NULL and crashed.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@perfgao