authorEmanuele Torre <torreemanuele6@gmail.com>2024-03-15 14:30:03 +0100
committerGitHub <noreply@github.com>2024-03-15 14:30:03 +0100
commit6f67bae60b7d5d1d34438f78acc12266b6dc1f0c (patch)
tree749f86fdae27ccab19c84795564ba1c5cebc78c0
parentc95b34ff827d05a2d262f00280a4891a295ed0ed (diff)
EACH: fix leak when an error is triggered by non-last element of object
Object keys are strings, so they need to be freed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66070
-rw-r--r--src/execute.c4
-rw-r--r--tests/jq.test5
2 files changed, 8 insertions, 1 deletions
diff --git a/src/execute.c b/src/execute.c
index 9ef83683..3d2ae0e0 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -781,8 +781,10 @@ jv jq_next(jq_state *jq) {
}
if (!keep_going || raising) {
- if (keep_going)
+ if (keep_going) {
+ jv_free(key);
jv_free(value);
+ }
jv_free(container);
goto do_backtrack;
} else if (is_last) {
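Review bot: The reason both frees sit behind `if (keep_going)` is not stated anywhere in this branch, and it is the invariant the fix relies on. Presumably `key` and `value` are only assigned when an element was actually fetched, so a short comment would keep a later edit from hoisting the frees or dropping one again: `/* key and value are only set when keep_going; both are owned here and must be released before backtracking */`. Because this path is taken when an error is raised mid-iteration, a leak here could accumulate per failing input in a long-lived process that embeds the interpreter. The body of jq_next starts and ends outside the hunk, so the other branches that consume `key` could not be checked.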
diff --git a/tests/jq.test b/tests/jq.test
index 60715f69..c8436f64 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -178,6 +178,11 @@ map(try .a[] catch ., try .a.[] catch ., .a[]?, .a.[]?)
[{"a": [1,2]}, {"a": 123}]
[1,2,1,2,1,2,1,2,"Cannot iterate over number (123)","Cannot iterate over number (123)"]
+# oss-fuzz #66070: objects[] leaks if a non-last element throws an error
+try ["OK", (.[] | error)] catch ["KO", .]
+{"a":["b"],"c":["d"]}
+["KO",["b"]]
+
#
# Negative array indices
#
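Review bot: The expected output `["KO",["b"]]` is the same with or without the fix in src/execute.c, so this case catches a regression only when the suite runs under a leak detector such as valgrind or a LeakSanitizer build. Whether the harness does that is not visible here. Saying so in the test comment makes the dependency explicit: `# oss-fuzz #66070: objects[] leaks if a non-last element throws an error (output is unaffected; fails only under a leak checker)`.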