From 974a95db04f9cdea02867f0246445b4679517ba0 Mon Sep 17 00:00:00 2001
From: Andre Heinecke <aheinecke@intevation.de>
Date: Wed, 8 Aug 2018 13:30:01 +0200
Subject: [PATCH] json: Add checks when skipping byte

* src/cJSON.c (parse_string, cJSON_Minify): Check for
terminating NULL byte when skipping the byte after a an escaped
quote.
---
 src/cJSON.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/cJSON.c b/src/cJSON.c
index 65d105ba..eea1adf0 100644
--- a/src/cJSON.c
+++ b/src/cJSON.c
@@ -249,7 +249,7 @@ parse_string (cJSON * item, const char *str, const char **ep)
     }				/* not a string! */
 
   while (*ptr != '\"' && *ptr && ++len)
-    if (*ptr++ == '\\')
+    if (*ptr++ == '\\' && *ptr)
       ptr++;			/* Skip escaped quotes. */
 
   out = xtrymalloc (len + 2);	/* This is how long we need for the
@@ -268,6 +268,8 @@ parse_string (cJSON * item, const char *str, const char **ep)
       else
 	{
 	  ptr++;
+          if (!*ptr)
+            break;
 	  switch (*ptr)
 	    {
 	    case 'b':
@@ -1416,9 +1418,11 @@ cJSON_Minify (char *json)
 	    {
 	      if (*json == '\\')
 		*into++ = *json++;
-	      *into++ = *json++;
+	      if (*json)
+	        *into++ = *json++;
 	    }
-	  *into++ = *json++;
+          if (*json)
+            *into++ = *json++;
 	}			/* String literals, which are \" sensitive.  */
       else
 	*into++ = *json++;	/* All other characters.  */