I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.
The cause seems to be the changes in the CVE patch:
* SECURITY UPDATE: Integer overflows
- debian/patches/CVE-2020-12762-*.patch: fix a series of
integer overflows adding checks in linkhash.c, printbuf.c.
- CVE-2020-12762
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300
I have identified the same issue. Parsing a relatively small file may result in a calloc failure because lh_table_new attempts to allocate an incorrectly size block of memory. In my case it attempted to allocate over 68 GiB in a single allocation.
The cause seems to be the changes in the CVE patch:
json-c (0.12.1- 1.3ubuntu0. 1) bionic-security; urgency=medium
* SECURITY UPDATE: Integer overflows patches/ CVE-2020- 12762-* .patch: fix a series of
- debian/
integer overflows adding checks in linkhash.c, printbuf.c.
- CVE-2020-12762
-- <email address hidden> (Leonidas S. Barbosa) Mon, 11 May 2020 16:29:02 -0300