the failed compiling on MINGW/proxspace warns over a overflow in buffer[5], the return value in utf8_check_first() can be 0 - 4, which used later in loop as index with 1 as start offset. a 4 will overflow the buffer[5]. Increased buffer with to just in case to support the zero terminator. Another option where this code will bail out is, 0 is goto out, 1 will trigger the assert and break client. A bit ruff I say.

CHANGELOG.md

@@ -3,6 +3,7 @@ All notable changes to this project will be documented in this file.
 This project uses the changelog in accordance with [keepchangelog](http://keepachangelog.com/). Please use this to write notable changes, which is not the same as git commit log...
 
 ## [unreleased][unreleased]
+- Fixed overflow in deps/jansson library (@iceman1001)
 - Added `lf hitag crack2` -  WIP.  Trying to add the second attack vector against Hitag2 (@iceman1001)
 - Changed `hf 14b reader --plot` - made the anticollision signal trace download optional (@iceman1001)
 - Added `lf_hitag_crypto.trace` - trace file of a complete read out of a Hitag2 in crypto mode (@iceman1001)

client/deps/jansson/load.c

@@ -54,7 +54,7 @@ typedef int (*get_func)(void *data);
 typedef struct {
     get_func get;
     void *data;
-    char buffer[5];
+    char buffer[7];
     size_t buffer_pos;
     int state;
     int line;
@@ -179,11 +179,15 @@ static int stream_get(stream_t *stream, json_error_t *error) {
             size_t i, count;
 
             count = utf8_check_first(c);
-            if (!count)
+            if (count == 0) {
                 goto out;
+            }
+
+            // whatif count == 1 ?!?
 
             assert(count >= 2);
 
+            // if count == 4 ,   i will become 5 and overflow.
             for (i = 1; i < count; i++)
                 stream->buffer[i] = stream->get(stream->data);