Headline
CVE-2023-23087: null def in function Destory · Issue #3 · scottcgi/MojoJson
An issue was found in MojoJson v1.2.3 allows attackers to execute arbitary code via the destroy function.
I tested your code with Xcode, and found an error:
Initializing ‘JsonValue’ with an expression of incompatible type 'JsonValue *’; dereference with *
Check the API of JsonValue:
JsonValue* (*Parse) (const char* jsonString);
So I changed the code to:
JsonValue* value = AJson->Parse(jstr);
But got a runtime error:
Invalid json value type, error char = :
Now the problem is that the string is not a valid json format:
char* jstr = ":#@$^^&^(";