Origin: backport, https://github.com/DaveGamble/cJSON/commit/7e4d5dabe7a9b754c601f214e65b544e67ba9f59
From: Up-wind <lj.upwind@gmail.com>
Bug: https://github.com/DaveGamble/cJSON/issues/839
Bug-Debian: https://bugs.debian.org/1071742
Acked-by: Maytham Alsudany <maytha8thedev@gmail.com>
Subject: [PATCH] Add NULL check to cJSON_SetValuestring()
 If the valuestring passed to cJSON_SetValuestring is NULL, a null pointer
 dereference will happen. This patch adds the NULL check of valuestring before
 it is dereferenced.
 .
 Fix for CVE-2024-31755.

--- a/cJSON.c
+++ b/cJSON.c
@@ -406,7 +406,7 @@ CJSON_PUBLIC(char*) cJSON_SetValuestring(cJSON *object, const char *valuestring)
         return NULL;
     }
     /* return NULL if the object is corrupted */
-    if (object->valuestring == NULL)
+    if (object->valuestring == NULL || valuestring == NULL)
     {
         return NULL;
     }