@@ -738,6 +738,11 @@ static plist_t parse_array(const char* js, jsmntok_info_t* ti, int* index, uint3
738738 return NULL ;
739739 }
740740 plist_t arr = plist_new_array ();
741+ if (!arr ) {
742+ PLIST_JSON_ERR ("%s: failed to create array node\n" , __func__ );
743+ ti -> err = PLIST_ERR_NO_MEM ;
744+ return NULL ;
745+ }
741746 size_t num_tokens = ti -> tokens [* index ].size ;
742747 size_t num ;
743748 int j = (* index )+ 1 ;
@@ -767,6 +772,13 @@ static plist_t parse_array(const char* js, jsmntok_info_t* ti, int* index, uint3
767772 }
768773 if (val ) {
769774 plist_array_append_item (arr , val );
775+ // if append failed, val still has no parent, free it and abort
776+ if (((node_t )val )-> parent == NULL ) {
777+ plist_free (val );
778+ plist_free (arr );
779+ ti -> err = PLIST_ERR_NO_MEM ;
780+ return NULL ;
781+ }
770782 } else {
771783 plist_free (arr );
772784 ti -> err = PLIST_ERR_PARSE ;
@@ -798,6 +810,11 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index, uint
798810 return NULL ;
799811 }
800812 plist_t obj = plist_new_dict ();
813+ if (!obj ) {
814+ PLIST_JSON_ERR ("%s: failed to create dict node\n" , __func__ );
815+ ti -> err = PLIST_ERR_NO_MEM ;
816+ return NULL ;
817+ }
801818 for (num = 0 ; num < num_tokens ; num ++ ) {
802819 if (j + 1 >= ti -> count ) {
803820 PLIST_JSON_ERR ("%s: token index out of valid range\n" , __func__ );
@@ -833,6 +850,14 @@ static plist_t parse_object(const char* js, jsmntok_info_t* ti, int* index, uint
833850 }
834851 if (val ) {
835852 plist_dict_set_item (obj , key , val );
853+ // if set failed, val still has no parent, free it and abort
854+ if (((node_t )val )-> parent == NULL ) {
855+ plist_free (val );
856+ free (key );
857+ plist_free (obj );
858+ ti -> err = PLIST_ERR_NO_MEM ;
859+ return NULL ;
860+ }
836861 } else {
837862 free (key );
838863 plist_free (obj );
0 commit comments