Found a null pointer dereference in json_prettify when processing objects with empty string keys.
What's happening
When json_prettify hits an empty string key inside a nested structure, it goes through prettify_cb → print_key → json_printer_buf. At frozen.c:476, print_key passes a null pointer as the second argument to json_printer_buf, which calls memcpy on it. Passing null to memcpy is UB regardless of the length argument.
Crash Input:
[[[[[[[[[[[[[[[[[[[[[[[[{"":[[[[[[[[[[[[[[[[[[[[[...
Crashes with SIGILL (UBSan abort).
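The added example below is not frozen's code; it is a minimal model of the reported pattern (a quoted-key printer that hands a token's pointer and length to memcpy) with a guarded printer beside it. The names out_buf, printer_unguarded, printer_guarded, print_key and emit_key are hypothetical, and the example assumes, as the report suggests, that the parser represents an empty string key as a token with a null pointer and length 0:

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size output buffer, modelled on a printer callback that writes into a
 * caller-supplied char array. Illustrative model only, not frozen's own code. */
struct out_buf {
    char *buf;
    size_t size;   /* capacity including the terminating NUL */
    size_t len;    /* bytes written so far */
};

typedef int (*printer_fn)(struct out_buf *, const char *, size_t);

/* Terminate after every write so partial output is always a C string. */
static void terminate(struct out_buf *out) {
    if (out->size > 0) {
        size_t idx = out->len < out->size ? out->len : out->size - 1;
        out->buf[idx] = '\0';
    }
}

/* Unguarded printer: copies `len` bytes from `src`, clamped to the free space.
 * Passing src == NULL is undefined behaviour (C11 7.24.1p2) even when the
 * clamped length is 0; with -fsanitize=undefined the nonnull-attribute check
 * on memcpy aborts here, which is the SIGILL seen in the report. */
static int printer_unguarded(struct out_buf *out, const char *src, size_t len) {
    size_t avail = out->size > out->len ? out->size - out->len - 1 : 0;
    size_t n = len < avail ? len : avail;
    memcpy(out->buf + out->len, src, n);
    out->len += n;
    terminate(out);
    return (int) n;
}

/* Guarded printer: a zero-length or null token is legitimate output (the empty
 * key "" is a valid JSON key), so it is a no-op rather than a memcpy whose
 * source pointer is null. */
static int printer_guarded(struct out_buf *out, const char *src, size_t len) {
    if (src == NULL || len == 0) return 0;
    return printer_unguarded(out, src, len);
}

/* Emits a key the way a prettifier does: opening quote, key bytes, closing
 * quote. Assumption: a parser that represents "" as a token with ptr == NULL
 * and len == 0 hands that null pointer straight through to the printer. */
static int print_key(struct out_buf *out, const char *key, size_t key_len,
                     printer_fn printer) {
    int n = 0;
    n += printer(out, "\"", 1);
    n += printer(out, key, key_len);
    n += printer(out, "\"", 1);
    return n;
}

/* Prettify a single key into dst with the given printer. Returns the number
 * of bytes emitted; dst is always NUL-terminated, even when truncated. */
static int emit_key(char *dst, size_t dst_size, const char *key, size_t key_len,
                    printer_fn printer) {
    struct out_buf out = { dst, dst_size, 0 };
    terminate(&out);
    return print_key(&out, key, key_len, printer);
}

int main(void) {
    char dst[16];

    /* Non-empty key: both printers behave the same. */
    emit_key(dst, sizeof dst, "name", 4, printer_unguarded);
    printf("non-empty key, unguarded: %s\n", dst);

    /* Empty key represented as (NULL, 0): only the guarded printer is defined
     * behaviour. Build with -fsanitize=undefined and swap in printer_unguarded
     * on this line to reproduce the abort. */
    emit_key(dst, sizeof dst, NULL, 0, printer_guarded);
    printf("empty key, guarded: %s\n", dst);
    return 0;
}
```

The guard belongs in the printer rather than in print_key because every caller that forwards a token (keys, string values, nested members) reaches memcpy through the same function; fixing it once there covers all of them, and the length clamp still reserves a byte for the terminator so a truncated key never overruns the buffer.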