authorEmanuele Torre <torreemanuele6@gmail.com>2023-12-10 19:40:29 +0100
committerGitHub <noreply@github.com>2023-12-10 19:40:29 +0100
commit6b69ffe769f1588cce13a39bb0a216b6099fddec (patch)
tree3871adfb81f127770ddb0bb1803550eef7c258ab
parent80bc768c5df782310485d3ec7d1ddcf490bda0f2 (diff)
jv_setpath()+setpath/2: don't leak the input after an invalid get
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64906
-rw-r--r--src/jv_aux.c1
-rw-r--r--tests/jq.test4
2 files changed, 5 insertions, 0 deletions
diff --git a/src/jv_aux.c b/src/jv_aux.c
index 5ec7ce8e..eedaaeb7 100644
--- a/src/jv_aux.c
+++ b/src/jv_aux.c
@@ -408,6 +408,7 @@ jv jv_setpath(jv root, jv path, jv value) {
jv subroot = jv_get(jv_copy(root), jv_copy(pathcurr));
if (!jv_is_valid(subroot)) {
+ jv_free(root);
jv_free(pathcurr);
jv_free(pathrest);
jv_free(value);
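Review bot: The added `jv_free(root);` in the `!jv_is_valid(subroot)` branch carries no comment saying why `root` is still owned at this point, which is the detail that was missed originally. `jv_get` was handed `jv_copy(root)`, so the original reference survives the call and this branch has to drop it. I would add `/* jv_get() consumed only the copy; root is still ours to free */` above the new line. The return from this branch and the other exit paths of `jv_setpath` lie outside the hunk, so it cannot be confirmed from here that they release `root`, `path` and `value` consistently. They are worth a pass, since per the linked OSS-Fuzz report this leak was reached by fuzzed input.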
diff --git a/tests/jq.test b/tests/jq.test
index c5c8cf06..28d683e6 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -2091,3 +2091,7 @@ try ("foobar" | .[1.5]) catch .
null
"Cannot index string with number"
+# setpath/2 does not leak the input after an invalid get #2967
+try ["ok", setpath([1]; 1)] catch ["ko", .]
+{"hi":"hello"}
+["ko","Cannot index object with number"]
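Review bot: The expected output of the new case, `["ko","Cannot index object with number"]`, appears to be the same with and without the `jv_free(root)` fix, so the case guards against the leak only when the suite runs under a leak detector (valgrind or a LeakSanitizer build). I would say so in the comment, e.g. `# setpath/2 does not leak the input after an invalid get #2967 (only observable under a leak checker)`, so nobody later drops it as a duplicate of the indexing-error cases above. The case also exercises only `setpath/2` on an object with a number key; the commit title names `jv_setpath()` as well, which this test presumably reaches through the same builtin.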