From 715bf7216319c265f0ba2cdf806b94f93b7bb4d1 Mon Sep 17 00:00:00 2001
From: Rob Allie <roballie@gmail.com>
Date: Fri, 30 Jan 2015 14:40:10 -0500
Subject: [PATCH 1/9] modify jsoncpp because we aren't using stdc++11

---
 src/lib_json/json_writer.cpp | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
index 6bb39010b..048cdbfcc 100644
--- a/src/lib_json/json_writer.cpp
+++ b/src/lib_json/json_writer.cpp
@@ -15,6 +15,7 @@
 #include <math.h>
 #include <stdio.h>
 #include <string.h>
+#include <boost/shared_ptr.hpp>
 
 #if defined(_MSC_VER) && _MSC_VER < 1500 // VC++ 8.0 and below
 #include <float.h>
@@ -1017,14 +1018,14 @@ StreamWriter* OldCompressingStreamWriterBuilder::newStreamWriter(
 
 std::string writeString(Value const& root, StreamWriter::Factory const& builder) {
   std::ostringstream sout;
-  std::unique_ptr<StreamWriter> const sw(builder.newStreamWriter(&sout));
+  boost::shared_ptr<StreamWriter> const sw(builder.newStreamWriter(&sout));
   sw->write(root);
   return sout.str();
 }
 
 std::ostream& operator<<(std::ostream& sout, Value const& root) {
   StreamWriterBuilder builder;
-  std::shared_ptr<StreamWriter> writer(builder.newStreamWriter(&sout));
+  boost::shared_ptr<StreamWriter> writer(builder.newStreamWriter(&sout));
   writer->write(root);
   return sout;
 }

From c36b6363ab0a49df9dce9b82be00b7f05a36e6e4 Mon Sep 17 00:00:00 2001
From: Stephen Wagner <s.wagner@techsmith.com>
Date: Thu, 2 Jul 2015 10:35:06 -0400
Subject: [PATCH 2/9] Make string to double conversion locale invariant.

---
 src/lib_json/json_reader.cpp | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index d2cff9a1c..a8893af5a 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -14,6 +14,7 @@
 #include <cassert>
 #include <cstring>
 #include <istream>
+#include <sstream>
 
 #if defined(_MSC_VER) && _MSC_VER < 1500 // VC++ 8.0 and below
 #define snprintf _snprintf
@@ -589,16 +590,22 @@ bool Reader::decodeDouble(Token& token, Value& decoded) {
   // info:
   //
   //     http://developer.apple.com/library/mac/#DOCUMENTATION/DeveloperTools/gcc-4.0.1/gcc/Incompatibilities.html
-  char format[] = "%lf";
+  // char format[] = "%lf";
 
   if (length <= bufferSize) {
     Char buffer[bufferSize + 1];
     memcpy(buffer, token.start_, length);
     buffer[length] = 0;
-    count = sscanf(buffer, format, &value);
+     std::istringstream is(buffer);
+     is.imbue(std::locale::classic());
+     is >> value;
+     count = (is.good() || is.eof());
   } else {
     std::string buffer(token.start_, token.end_);
-    count = sscanf(buffer.c_str(), format, &value);
+     std::istringstream is(buffer);
+     is.imbue(std::locale::classic());
+     is >> value;
+     count = (is.good() || is.eof());
   }
 
   if (count != 1)

From d4cfa9c11bcd984b085e3577ce797c3fd3fb788c Mon Sep 17 00:00:00 2001
From: David Cheng <d.cheng@techsmith.com>
Date: Wed, 3 Jun 2020 10:22:23 -0400
Subject: [PATCH 3/9] Revert "modify jsoncpp because we aren't using stdc++11"

This reverts commit 715bf7216319c265f0ba2cdf806b94f93b7bb4d1.
---
 src/lib_json/json_writer.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/lib_json/json_writer.cpp b/src/lib_json/json_writer.cpp
index 048cdbfcc..6bb39010b 100644
--- a/src/lib_json/json_writer.cpp
+++ b/src/lib_json/json_writer.cpp
@@ -15,7 +15,6 @@
 #include <math.h>
 #include <stdio.h>
 #include <string.h>
-#include <boost/shared_ptr.hpp>
 
 #if defined(_MSC_VER) && _MSC_VER < 1500 // VC++ 8.0 and below
 #include <float.h>
@@ -1018,14 +1017,14 @@ StreamWriter* OldCompressingStreamWriterBuilder::newStreamWriter(
 
 std::string writeString(Value const& root, StreamWriter::Factory const& builder) {
   std::ostringstream sout;
-  boost::shared_ptr<StreamWriter> const sw(builder.newStreamWriter(&sout));
+  std::unique_ptr<StreamWriter> const sw(builder.newStreamWriter(&sout));
   sw->write(root);
   return sout.str();
 }
 
 std::ostream& operator<<(std::ostream& sout, Value const& root) {
   StreamWriterBuilder builder;
-  boost::shared_ptr<StreamWriter> writer(builder.newStreamWriter(&sout));
+  std::shared_ptr<StreamWriter> writer(builder.newStreamWriter(&sout));
   writer->write(root);
   return sout;
 }

From a269af3aba09a3621a2384c9ea6dedae898b4689 Mon Sep 17 00:00:00 2001
From: David Cheng <d.cheng@techsmith.com>
Date: Tue, 20 Oct 2020 15:54:12 -0400
Subject: [PATCH 4/9] Fix some conversion/shadowing warnings

---
 src/lib_json/json_value.cpp | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib_json/json_value.cpp b/src/lib_json/json_value.cpp
index ed5aafe03..17dec477e 100644
--- a/src/lib_json/json_value.cpp
+++ b/src/lib_json/json_value.cpp
@@ -151,7 +151,7 @@ void Value::CommentInfo::setComment(const char* text, size_t len) {
       text[0] == '\0' || text[0] == '/',
       "in Json::Value::setComment(): Comments must start with /");
   // It seems that /**/ style comments are acceptable as well.
-  comment_ = duplicateStringValue(text, len);
+  comment_ = duplicateStringValue(text, static_cast<unsigned int>(len));
 }
 
 // //////////////////////////////////////////////////////////////////
@@ -1049,8 +1049,8 @@ bool Value::removeIndex(ArrayIndex index, Value* removed) {
   ArrayIndex oldSize = size();
   // shift left all items left, into the place of the "removed"
   for (ArrayIndex i = index; i < (oldSize - 1); ++i){
-    CZString key(i);
-    (*value_.map_)[key] = (*this)[i + 1];
+    CZString indexKey(i);
+    (*value_.map_)[indexKey] = (*this)[i + 1];
   }
   // erase the last one ("leftover")
   CZString keyLast(oldSize - 1);

From 58e4b7e6f366ec4318cc181a5a51ddea5fffd526 Mon Sep 17 00:00:00 2001
From: David Cheng <d.cheng@techsmith.com>
Date: Tue, 20 Oct 2020 16:12:09 -0400
Subject: [PATCH 5/9] Make cast from double->bool explicit

---
 src/lib_json/json_value.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib_json/json_value.cpp b/src/lib_json/json_value.cpp
index 17dec477e..a98fb239f 100644
--- a/src/lib_json/json_value.cpp
+++ b/src/lib_json/json_value.cpp
@@ -718,7 +718,7 @@ bool Value::asBool() const {
   case uintValue:
     return value_.uint_ ? true : false;
   case realValue:
-    return value_.real_ ? true : false;
+    return static_cast<bool>(value_.real_) ? true : false;
   default:
     break;
   }

From fc6ce767a558d058f89a34ddd2d601decb186f5b Mon Sep 17 00:00:00 2001
From: Mike Malburg <m.malburg@techsmith.com>
Date: Wed, 15 Feb 2023 17:02:35 -0500
Subject: [PATCH 6/9] Update .gitignore to ignore /out/ and /.vs/ dirs

---
 .gitignore | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.gitignore b/.gitignore
index 9682782fa..ee5dbe081 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,6 +11,8 @@
 /doc/doxyfile
 /dist/
 /.cache/
+/.vs/
+/out/
 
 # MSVC project files:
 *.sln

From 3385b6b8d188eae85d5ae75850f1af61062c7d8f Mon Sep 17 00:00:00 2001
From: Mike Malburg <m.malburg@techsmith.com>
Date: Thu, 23 Feb 2023 15:42:54 -0500
Subject: [PATCH 7/9] Make string to double conversion locale invariant.

Applying Stephen Wagner's fix from this commit to JsonCpp 1.9.5: c36b6363ab0a49df9dce9b82be00b7f05a36e6e4
---
 src/lib_json/json_reader.cpp | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 1ac5e81ab..d9efd4602 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -601,6 +601,7 @@ bool Reader::decodeDouble(Token& token, Value& decoded) {
   double value = 0;
   String buffer(token.start_, token.end_);
   IStringStream is(buffer);
+  is.imbue( std::locale::classic() );
   if (!(is >> value)) {
     if (value == std::numeric_limits<double>::max())
       value = std::numeric_limits<double>::infinity();

From 9d9bb8a2e66941851139ff67b5b49fe1c3dc6eb0 Mon Sep 17 00:00:00 2001
From: "A.J. Orians" <ajorians@gmail.com>
Date: Mon, 27 Feb 2023 11:02:18 -0500
Subject: [PATCH 8/9] Look at first character if parse fails.

---
 src/lib_json/json_reader.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index d9efd4602..33fb727be 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -603,9 +603,9 @@ bool Reader::decodeDouble(Token& token, Value& decoded) {
   IStringStream is(buffer);
   is.imbue( std::locale::classic() );
   if (!(is >> value)) {
-    if (value == std::numeric_limits<double>::max())
+    if (buffer.length() > 0 && buffer[0] != '-')
       value = std::numeric_limits<double>::infinity();
-    else if (value == std::numeric_limits<double>::lowest())
+    else if (buffer.length() > 0 && buffer[0] == '-')
       value = -std::numeric_limits<double>::infinity();
     else if (!std::isinf(value))
       return addError(

From 8a2f731cb387f86442915ea0b19456fadea968bf Mon Sep 17 00:00:00 2001
From: Leif Alton <l.alton@techsmith.com>
Date: Mon, 17 Feb 2025 18:58:00 -0500
Subject: [PATCH 9/9] Reduce the JSONCPP_DEPRECATED_STACK_LIMIT to 500.

This seems to fix the issues that the security team found here: https://github.com/TechSmith/CamtasiaWin/issues/23300.
---
 src/lib_json/json_reader.cpp | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/lib_json/json_reader.cpp b/src/lib_json/json_reader.cpp
index 33fb727be..11a18d578 100644
--- a/src/lib_json/json_reader.cpp
+++ b/src/lib_json/json_reader.cpp
@@ -44,8 +44,16 @@
 
 // Define JSONCPP_DEPRECATED_STACK_LIMIT as an appropriate integer at compile
 // time to change the stack limit
+// NOTE:LEA: reduced JSONCPP_DEPRECATED_STACK_LIMIT from 1000 to 500. This is the stack limit
+//           of the Reader::nodes_ and not the call stack limit of the system. At 1000, with a
+//           json file designed to cause stack overflow (as a hacking tool) this would overflow
+//           the system callstack when the Reader::nodes_ was only at 662 or so
+//           For Techsmith's purposes, we never have project nodes nested so deeply, so 500 seems
+//           like a perfectly reasonable limit and should not cause any projects to fail to load.
+//           Also, when trying to create that deep a nesting by repeated grouping of a media,
+//           Camtasiaa failed at ~150 levels deep so I could not get anywhere near 500.
 #if !defined(JSONCPP_DEPRECATED_STACK_LIMIT)
-#define JSONCPP_DEPRECATED_STACK_LIMIT 1000
+#define JSONCPP_DEPRECATED_STACK_LIMIT 500
 #endif
 
 static size_t const stackLimit_g =