From 2d63eeebf4cb425bb2d11173b76ef02cc56ed362 Mon Sep 17 00:00:00 2001
From: npt-1707
Date: Thu, 22 May 2025 23:57:40 +0800
Subject: [PATCH] add NULL checkings
---
 svf/lib/Util/cJSON.cpp | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/svf/lib/Util/cJSON.cpp b/svf/lib/Util/cJSON.cpp
index 0cdf8c5d4..1df239a1b 100644
--- a/svf/lib/Util/cJSON.cpp
+++ b/svf/lib/Util/cJSON.cpp
@@ -402,10 +402,14 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
 {
 char *copy = NULL;
 /* if object's type is not cJSON_String or is cJSON_IsReference, it should not set valuestring */
- if (!(object->type & cJSON_String) || (object->type & cJSON_IsReference))
+ if ((object == NULL) || !(object->type & cJSON_String) || (object->type & cJSON_IsReference))
 {
 return NULL;
 }
+ /* return NULL if the object is corrupted */
+ if (object->valuestring == NULL)
+ return NULL;
+ }
 if (strlen(valuestring) <= strlen(object->valuestring))
 {
 strcpy(object->valuestring, valuestring);
@@ -2270,7 +2274,7 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
 {
 cJSON *after_inserted = NULL;
- if (which < 0)
+ if (which < 0 || newitem == NULL)
 {
 return false;
 }
@@ -2281,6 +2285,11 @@ CJSON_PUBLIC(cJSON_bool) cJSON_InsertItemInArray(cJSON *array, int which, cJSON
 return add_item_to_array(array, newitem);
 }
+ if (after_inserted != array->child && newitem->prev == NULL) {
+ /* return false if after_inserted is a corrupted array item */
+ return false;
+ }
+
 newitem->next = after_inserted;
 newitem->prev = after_inserted->prev;
 after_inserted->prev = newitem;
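Review bot: The corruption check added to cJSON_SetValuestring closes a brace it never opens: the new lines are `if (object->valuestring == NULL)`, `return NULL;` and `}`, and the hunk header's count of 14 new lines leaves no room for a `{`. That stray `}` ends the function body early, so the file should not compile as patched. Separately, `valuestring` is still handed to `strlen()` on the following context line without a NULL check, so a NULL argument from a caller still reaches a dereference. Both are covered by `if (object->valuestring == NULL || valuestring == NULL) { return NULL; }`. The function body continues past the end of the hunk.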
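Review bot: The guard added in the third hunk (cJSON_InsertItemInArray) tests `newitem->prev`, while its own comment and the pointer updates right after it are about `after_inserted`. A newly created item presumably has a NULL `prev`, so as written an insert before any non-head element would likely be rejected, and a corrupted `after_inserted` with a NULL `prev` is still not caught before `after_inserted->prev` is copied into `newitem->prev`. The condition should read `if (after_inserted != array->child && after_inserted->prev == NULL)`. The function starts and ends outside the hunk, so how `newitem->prev` is used afterwards is not visible here.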