diff options
| author | Emanuele Torre <torreemanuele6@gmail.com> | 2024-03-15 14:30:23 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-15 14:30:23 +0100 |
| commit | 1411ce63d5314ad8771d2bae01d0a4144b30049c (patch) | |
| tree | a362b34c69244ec353033e45ca05c1ed763d8339 | |
| parent | 6f67bae60b7d5d1d34438f78acc12266b6dc1f0c (diff) | |
strftime/1: fix validation of non-string argument with number input
There was a incorrect else, that caused jq to not ensure that the
argument to strftime/1 is a string when the input is a number; this ends
up calling jv_string_value on a non-string value, which does not work,
and causes an assert failure.
Also fix same bug in strflocaltime/1.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67403
| -rw-r--r-- | src/builtin.c | 8 | ||||
| -rw-r--r-- | tests/jq.test | 9 |
2 files changed, 13 insertions, 4 deletions
diff --git a/src/builtin.c b/src/builtin.c index 393fac0d..5e31795c 100644 --- a/src/builtin.c +++ b/src/builtin.c @@ -1599,9 +1599,9 @@ static jv f_strftime(jq_state *jq, jv a, jv b) { } } else if (jv_get_kind(a) != JV_KIND_ARRAY) { return ret_error2(a, b, jv_string("strftime/1 requires parsed datetime inputs")); - } else if (jv_get_kind(b) != JV_KIND_STRING) { - return ret_error2(a, b, jv_string("strftime/1 requires a string format")); } + if (jv_get_kind(b) != JV_KIND_STRING) + return ret_error2(a, b, jv_string("strftime/1 requires a string format")); struct tm tm; if (!jv2tm(a, &tm)) return ret_error(b, jv_string("strftime/1 requires parsed datetime inputs")); @@ -1630,9 +1630,9 @@ static jv f_strflocaltime(jq_state *jq, jv a, jv b) { a = f_localtime(jq, a); } else if (jv_get_kind(a) != JV_KIND_ARRAY) { return ret_error2(a, b, jv_string("strflocaltime/1 requires parsed datetime inputs")); - } else if (jv_get_kind(b) != JV_KIND_STRING) { - return ret_error2(a, b, jv_string("strflocaltime/1 requires a string format")); } + if (jv_get_kind(b) != JV_KIND_STRING) + return ret_error2(a, b, jv_string("strflocaltime/1 requires a string format")); struct tm tm; if (!jv2tm(a, &tm)) return ret_error(b, jv_string("strflocaltime/1 requires parsed datetime inputs")); diff --git a/tests/jq.test b/tests/jq.test index c8436f64..463161c7 100644 --- a/tests/jq.test +++ b/tests/jq.test @@ -1585,6 +1585,15 @@ try mktime catch . ["a",1,2,3,4,5,6,7] "mktime requires parsed datetime inputs" +# oss-fuzz #67403: non-string argument with number input fails assert +try ["OK", strftime([])] catch ["KO", .] +0 +["KO","strftime/1 requires a string format"] + +try ["OK", strflocaltime({})] catch ["KO", .] +0 +["KO","strflocaltime/1 requires a string format"] + # module system import "a" as foo; import "b" as bar; def fooa: foo::a; [fooa, bar::a, bar::b, foo::a] null |