From e91a9583d820b054bd17b84a6994fc2aed930194 Mon Sep 17 00:00:00 2001
From: Julian Bouzas <julian.bouzas@collabora.com>
Date: Mon, 19 Jun 2023 08:07:02 -0400
Subject: [PATCH] spa-json: Fix conditional jump on uninitialised value when
 adding empty strings to builder

Similar to wp_spa_json_builder_add_property(), we need to make sure the dst
array in wp_spa_json_builder_add_string() has room for the null character
because builder_add() expects it.

Fixes #471
---
 lib/wp/spa-json.c   |  2 +-
 tests/wp/spa-json.c | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+), 1 deletion(-)

diff --git a/lib/wp/spa-json.c b/lib/wp/spa-json.c
index 6c797cf9..6fa1e231 100644
--- a/lib/wp/spa-json.c
+++ b/lib/wp/spa-json.c
@@ -1074,7 +1074,7 @@ wp_spa_json_builder_add_float (WpSpaJsonBuilder *self, float value)
 void
 wp_spa_json_builder_add_string (WpSpaJsonBuilder *self, const gchar *value)
 {
-  size_t size = (strlen (value) * 4) + 2;
+  size_t size = (strlen (value) * 4) + 3;
   gchar dst[size];
   gint enc_size;
   ensure_separator (self, FALSE);
diff --git a/tests/wp/spa-json.c b/tests/wp/spa-json.c
index 2979c0e3..80b78dd1 100644
--- a/tests/wp/spa-json.c
+++ b/tests/wp/spa-json.c
@@ -280,6 +280,8 @@ test_spa_json_object_builder_parser_iterator (void)
     wp_spa_json_builder_add_float (b, 0.12f);
     wp_spa_json_builder_add_property (b, "key-string");
     wp_spa_json_builder_add_string (b, "str");
+    wp_spa_json_builder_add_property (b, "key-empty-string");
+    wp_spa_json_builder_add_string (b, "");
     json = wp_spa_json_builder_end (b);
   }
 
@@ -322,6 +324,13 @@ test_spa_json_object_builder_parser_iterator (void)
     g_assert_nonnull (v_string);
     g_assert_cmpstr (v_string, ==, "str");
 
+    g_autofree gchar *key_empty_string = wp_spa_json_parser_get_string (p);
+    g_assert_nonnull (key_empty_string);
+    g_assert_cmpstr (key_empty_string, ==, "key-empty-string");
+    g_autofree gchar *v_empty_string = wp_spa_json_parser_get_string (p);
+    g_assert_nonnull (v_empty_string);
+    g_assert_cmpstr (v_empty_string, ==, "");
+
     wp_spa_json_parser_end (p);
     g_assert_false (wp_spa_json_parser_get_null (p));
   }
@@ -446,6 +455,30 @@ test_spa_json_object_builder_parser_iterator (void)
     g_value_unset (&next);
   }
 
+  {
+    GValue next = G_VALUE_INIT;
+    g_assert_true (wp_iterator_next (it, &next));
+    WpSpaJson *j = g_value_get_boxed (&next);
+    g_assert_nonnull (j);
+    g_assert_true (wp_spa_json_is_string (j));
+    g_autofree gchar *v = wp_spa_json_parse_string (j);
+    g_assert_nonnull (v);
+    g_assert_cmpstr (v, ==, "key-empty-string");
+    g_value_unset (&next);
+  }
+
+  {
+    GValue next = G_VALUE_INIT;
+    g_assert_true (wp_iterator_next (it, &next));
+    WpSpaJson *j = g_value_get_boxed (&next);
+    g_assert_nonnull (j);
+    g_assert_true (wp_spa_json_is_string (j));
+    g_autofree gchar *v = wp_spa_json_parse_string (j);
+    g_assert_nonnull (v);
+    g_assert_cmpstr (v, ==, "");
+    g_value_unset (&next);
+  }
+
   g_assert_false (wp_iterator_next (it, NULL));
   wp_iterator_reset (it);