From 897f3d50aac526d9658217d60b997b6fbf59ab8e Mon Sep 17 00:00:00 2001
From: Robert Sebastian Herlim
Date: Wed, 20 Oct 2021 15:38:13 +0900
Subject: [PATCH] Fix SEGV crash caused by Value(s) appended to itself.

Copying such Value(s) causes infinite recursion on `dupPayload` call.
---
 src/lib_json/json_value.cpp | 2 ++
 src/test_lib_json/main.cpp | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/src/lib_json/json_value.cpp b/src/lib_json/json_value.cpp
index aa2b744..d7b17a1 100644
--- a/src/lib_json/json_value.cpp
+++ b/src/lib_json/json_value.cpp
@@ -1128,6 +1128,8 @@ Value& Value::append(const Value& value) { return append(Value(value)); }
 Value& Value::append(Value&& value) {
   JSON_ASSERT_MESSAGE(type() == nullValue || type() == arrayValue, "in Json::Value::append: requires arrayValue");
+  JSON_ASSERT_MESSAGE(&value != this,
+                      "in Json::Value::append: appending self using move constructor is forbidden.");
   if (type() == nullValue) {
     *this = Value(arrayValue);
   }
diff --git a/src/test_lib_json/main.cpp b/src/test_lib_json/main.cpp
index d0f5364..8c622cc 100644
--- a/src/test_lib_json/main.cpp
+++ b/src/test_lib_json/main.cpp
@@ -2136,6 +2136,10 @@ JSONTEST_FIXTURE_LOCAL(ValueTest, searchValueByPath) {
     JSONTEST_ASSERT_STRING_EQUAL(expected, outcome);
   }
 }
+JSONTEST_FIXTURE_LOCAL(ValueTest, valueAppendingSelf) {
+  Json::Value value1{Json::ValueType::nullValue}, value2;
+  JSONTEST_ASSERT_THROWS(value2 = value1.append(std::move(value1)));
+}
 struct FastWriterTest : JsonTest::TestCase {};
 JSONTEST_FIXTURE_LOCAL(FastWriterTest, dropNullPlaceholders) {
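Review bot: The new assertion in `append(Value&&)` has no why-comment, and the message on the second added line ("using move constructor") names a mechanism rather than the invariant being protected, so a reader has to dig up this commit to learn what actually goes wrong. A one-line comment above the first added line would carry that: `// Appending *this by rvalue makes the array contain itself; copying such a Value later recurses without bound in dupPayload.` The const& overload shown in the hunk header copies before delegating, so the rvalue overload is the only place the guard is needed, and checking it before `*this = Value(arrayValue)` is the right order. The body of `append(Value&&)` continues past the end of the hunk.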
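Review bot: The fixture added on the first new line only exercises the nullValue starting state; the arrayValue branch of the same guard, where the array would actually end up containing itself, goes untested, so a second case is worth adding: `Json::Value arr{Json::ValueType::arrayValue};` followed by `JSONTEST_ASSERT_THROWS(arr.append(std::move(arr)));`. `JSONTEST_ASSERT_THROWS` also presumes that JSON_ASSERT_MESSAGE reports failure by throwing; if the library can be configured to abort on a failed assertion instead, this test would take the whole run down rather than report a failure, so it should be conditioned on that configuration. The `value2 =` on the second added line is never read within the fixture and can be dropped.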