| 1 | +When using the `cJSON_ReplaceItemInObject` function the return value has to be |
| 2 | +checked to know if the insertion was successfull. In an error case the object to |
| 3 | +insert needs to be deleted manually. E.g. |
| 4 | +``` |
| 5 | +if (!cJSON_ReplaceItemInObject(json, key.c_str(), itemToInsert)) { |
| 6 | + cJSON_Delete(itemToInsert); |
| 7 | +} |
| 8 | +``` |
| 9 | + |
| 10 | +Make sure that the `FuzzedDataProvider::ConsumeIntegralInRange(min, max)` |
| 11 | +function is never called with a `max` parameter that is smaller then `min`. |
| 12 | + |
| 13 | +The function `cJSON_AddItemToArray` transfers the ownership of the inserted |
| 14 | +item to the array. The inserted item does not need to be manually deleted. The |
| 15 | +inserted item is not allowed to be used after it has been removed from the |
| 16 | +array with `cJSON_DeleteItemFromArray`. |
| 17 | + |
| 18 | +The `cJSON_ParseWithLength` function needs to be called with a buffer and its |
| 19 | +corresponding size. If there is a `FuzzedDataProvider` allocated string then |
| 20 | +the string size should be used and not the fuzzer input size. |
| 21 | + |
| 22 | +Don't delete individual items that are extracted from a JSON array with the |
| 23 | +function `cJSON_GetArrayItem`. Instead delete the entire json array or json |
| 24 | +object containing the array. |
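Review bot: the ownership rule stated in the `cJSON_AddItemToArray` paragraph only holds when the call succeeds; `cJSON_AddItemToArray` also returns a `cJSON_bool` (false for a NULL array or item, or when the item is the array itself), and on failure the item is still owned by the caller, so the same delete-on-failure pattern shown above for `cJSON_ReplaceItemInObject` applies and should be spelled out, e.g. `if (!cJSON_AddItemToArray(array, item)) { cJSON_Delete(item); }`. For the last paragraph, it is worth adding the cheaper alternative to deleting the whole container: unlink the element first with `cJSON_DetachItemFromArray` (or use `cJSON_DeleteItemFromArray` directly), since a pointer returned by `cJSON_GetArrayItem` is still linked into the array and deleting it leaves a dangling link that becomes a use-after-free or double free when the parent is deleted. Spelling: "successfull" should be "successful" and "smaller then" should be "smaller than".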