author | Emanuele Torre <torreemanuele6@gmail.com> | 2023-12-13 15:13:46 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-13 15:13:46 +0100 |
commit | 511d50b15b0a903639874e933d941bad50de6652 (patch) | |
tree | 80fdb5564fa4cfbf5ed61c0a9b8e14667d47efac /src | |
parent | 7298972551d43b44dd33a079927e06f2d15151f8 (diff) |
ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments
ltrimstr/rtrimstr was ignoring and leaking the error returned by
f_startswith()/f_endswith().
This also means that they just let the input pass through for non-string
inputs or arguments.
Only fix the leak for now; in the next release, #2969 will make them
rethrow the error returned by startswith/endswith.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64946
Diffstat (limited to 'src')
-rw-r--r-- | src/builtin.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/builtin.c b/src/builtin.c
index cf4792c4..902490de 100644
--- a/src/builtin.c
+++ b/src/builtin.c
@@ -295,7 +295,9 @@ static jv f_endswith(jq_state *jq, jv a, jv b) {
 }
 static jv f_ltrimstr(jq_state *jq, jv input, jv left) {
- if (jv_get_kind(f_startswith(jq, jv_copy(input), jv_copy(left))) != JV_KIND_TRUE) {
+ jv startswith = f_startswith(jq, jv_copy(input), jv_copy(left));
+ if (jv_get_kind(startswith) != JV_KIND_TRUE) {
+ jv_free(startswith);
 jv_free(left);
 return input;
 }
@@ -311,12 +313,14 @@ static jv f_ltrimstr(jq_state *jq, jv input, jv left) {
 }
 static jv f_rtrimstr(jq_state *jq, jv input, jv right) {
- if (jv_get_kind(f_endswith(jq, jv_copy(input), jv_copy(right))) == JV_KIND_TRUE) {
+ jv endswith = f_endswith(jq, jv_copy(input), jv_copy(right));
+ if (jv_get_kind(endswith) == JV_KIND_TRUE) {
 jv res = jv_string_sized(jv_string_value(input), jv_string_length_bytes(jv_copy(input)) - jv_string_length_bytes(right));
 jv_free(input);
 return res;
 }
+ jv_free(endswith);
 jv_free(right);
 return input;
 } |
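Review bot: In f_ltrimstr the new `startswith` value is released only on the early-return path, so the matching path stays leak-free only on the assumption that a `JV_KIND_TRUE` value owns no allocation; the same applies to `endswith` in the f_rtrimstr hunk, where the free sits on the fall-through path instead. Reading the kind once and freeing straight away would make ownership evident on every path without relying on that assumption: `jv_kind k = jv_get_kind(startswith);` `jv_free(startswith);` `if (k != JV_KIND_TRUE) {`. A short comment such as `/* may be an error jv for a non-string input/argument: free it and pass input through */` would also record why the error is dropped here rather than returned, which the commit message says is deferred to a later change. The body of f_ltrimstr continues outside the hunk, so the rest of its true path is not visible here.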