author | Emanuele Torre <torreemanuele6@gmail.com> | 2023-12-10 19:40:29 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-10 19:40:29 +0100 |
commit | 6b69ffe769f1588cce13a39bb0a216b6099fddec (patch) | |
tree | 3871adfb81f127770ddb0bb1803550eef7c258ab | |
parent | 80bc768c5df782310485d3ec7d1ddcf490bda0f2 (diff) |
jv_setpath()+setpath/2: don't leak the input after an invalid get
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64906
-rw-r--r-- | src/jv_aux.c | 1 | ||||
-rw-r--r-- | tests/jq.test | 4 |
2 files changed, 5 insertions, 0 deletions
diff --git a/src/jv_aux.c b/src/jv_aux.c
index 5ec7ce8e..eedaaeb7 100644
--- a/src/jv_aux.c
+++ b/src/jv_aux.c
@@ -408,6 +408,7 @@ jv jv_setpath(jv root, jv path, jv value) {
 jv subroot = jv_get(jv_copy(root), jv_copy(pathcurr));
 if (!jv_is_valid(subroot)) {
+ jv_free(root);
 jv_free(pathcurr);
 jv_free(pathrest);
 jv_free(value);
diff --git a/tests/jq.test b/tests/jq.test
index c5c8cf06..28d683e6 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -2091,3 +2091,7 @@ try ("foobar" | .[1.5]) catch .
 null
 "Cannot index string with number"
+# setpath/2 does not leak the input after an invalid get #2967
+try ["ok", setpath([1]; 1)] catch ["ko", .]
+{"hi":"hello"}
+["ko","Cannot index object with number"]
|
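Review bot: The ownership reason behind the added `jv_free(root);` is not recorded at the invalid-subroot branch of jv_setpath, so a later edit to this error path could reintroduce the leak. jv_get() is handed `jv_copy(root)`, which leaves the function's own reference to root live when subroot comes back invalid; a one-line comment above the free, such as `/* jv_get() took only a copy; root is still ours to release */`, would make that explicit. The branch's return and the rest of jv_setpath lie outside the hunk, so the function's other early exits are worth checking for the same pattern. A leak on an error path that a jq program and its input can trigger repeatedly matters most to long-running embedders that evaluate untrusted filters.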
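Review bot: The expected output of the new setpath/2 case, `["ko","Cannot index object with number"]`, would presumably be the same before the fix, so this test only catches a regression when the suite is run under a leak checker. If the test runner has such a mode (valgrind or a sanitizer build), the comment line could say so, for example `# setpath/2 does not leak the input after an invalid get (only detected under a leak-checking run) #2967`. Without that, the case guards the error message but not the leak itself.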