Age | Commit message | Author
2024-03-19 | builtin.c: jv2tm: fix UB and accept array inputs with not all the values | Emanuele Torre
Now, time functions accept array inputs even if they don't have all the elements, 0 will be assumed if a value is not present. Also, jv2tm now properly clamps large number values to a signed 32-bit integer and rejects nan. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65885
2024-03-18 | Fix valgrind warning on aarch64/glibc 2.31 | Colin Leroy-Mira
tests/mantest were failing on Raspberry Pi OS 11:
==10205== Conditional jump or move depends on uninitialised value(s)
==10205==    at 0x48806F8: checkfail (jq_test.c:58)
==10205==    by 0x48806F8: run_jq_tests (jq_test.c:99)
==10205==    by 0x4880FCB: jq_testsuite (jq_test.c:39)
==10205==    by 0x10B37F: main (main.c:576)
==10205==
==10205== Conditional jump or move depends on uninitialised value(s)
==10205==    at 0x4880714: checkfail (jq_test.c:58)
==10205==    by 0x4880714: run_jq_tests (jq_test.c:99)
==10205==    by 0x4880FCB: jq_testsuite (jq_test.c:39)
==10205==    by 0x10B37F: main (main.c:576)
2024-03-18 | util.c: update strptime to revision 1.66 | Emanuele Torre
2024-03-18 | util.c: fix _WIN32 port of strptime (#3071) | Emanuele Torre
On Windows, time_t is a signed 32-bit integer type, so TIME_MAX needs to be declared as INT32_MAX instead of INT64_MAX.
Also bump NetBSD's strptime to revision 1.65 from 1.63 to fix undefined behaviour (signed integer overflow) bugs.
Related NetBSD problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=58041
Noticed thanks to a compiler warning in the Windows build CI. I declared the d variable as time_t instead of as unsigned to ensure that the signedness/size of TIME_MAX-d in the sse > TIME_MAX-d check is always correct, and to prevent -Wsign-compare warnings from triggering in the Windows build.
2024-03-15 | strftime/1: fix validation of non-string argument with number input | Emanuele Torre
There was an incorrect else that caused jq to not ensure that the argument to strftime/1 is a string when the input is a number; this ends up calling jv_string_value on a non-string value, which does not work, and causes an assert failure.
Also fix same bug in strflocaltime/1.
Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67403
2024-03-15 | EACH: fix leak when an error is triggered by non-last element of object | Emanuele Torre
Object keys are strings, so they need to be freed. Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66070
2024-03-08 | remove repetitive words | wellweek
Signed-off-by: wellweek <xiezitai@outlook.com>
2024-03-01 | improve tonumber/0 performance by parsing input as number literal | itchyny
Previously, the tonumber/0 filter parses the input as JSON values, but this is less-performant on large non-number strings. Parsing the input string as number literal fixes the performance issue. Also, this fix changes the filter to reject numbers with white spaces.
2024-02-13 | docs: Update chocolatey install command in default.yml (#3042) | Bhargava Mummadireddy
2024-02-10 | tests: run tests in C locale | Emanuele Torre
Fixes #3038
2024-02-08 | src/jv_dtoa.c: Fix compiler error | Ulrich Eckhardt
2024-02-08 | src/builtin.c: Add missing semicolon | Ulrich Eckhardt
2024-02-08 | Fix typo in documentation for map_values (#3035) | J. B. Rainsberger
* Fix typo in documentation for map_values

"map_value(f)" -> "map_values(f)"

* map_value => map_values also in the development manual

---------

Co-authored-by: Emanuele Torre <torreemanuele6@gmail.com>
2024-02-08 | Add missing string color case | Thalia Archibald
Colors have a color separate from object keys, so were not tested.
2024-02-08 | Clear formatting immediately after colon | Thalia Archibald
2024-02-08 | Fix tests and test indented printing | Thalia Archibald
2024-02-08 | Consistently reset color formatting in `jv_dump_term` | Thalia Archibald
Before, arrays would not reset colors after `[` and `,`, but objects would; it would reset colors twice before `]` and `}`; and some cases of indentation would have colors applied. Now, colors are reset immediately after any token that is colored, before any indentation. This makes the formatting consistent, for the benefit of custom `JQ_COLORS`.
2024-02-06 | License: Improve license statement. | Tomas Halman
The README mentions only the MIT license but in fact part of `jq` is under ICU license and the documentation is under CC. Also jq.spec claimed that it is licensed under BSD.
2024-01-30 | docs: rename example jq utility to total | Emanuele Torre
Apparently sum(1) is a BSD and GNU coreutil used to compute the "16-bit BSD checksum" of a file.
2024-01-26 | libm.h+builtin.c: add and use LIBM_DA and LIBM_DA_NO macros | Emanuele Torre
For functions that from one double return an array with two numbers.
2024-01-26 | builtin.c: fix build with -Woverlength-strings | Emanuele Torre
C99 only allows string literals long at most 4095 characters. jq_builtins was a lot longer than that. I rewrote all the optional libm error stubs in C so the value of jq_builtins is not build dependent. I replaced the command that generates builtin.inc with a POSIX compliant od|sed command that encodes builtin.jq as a comma delimited list of octal numbers (that can be embedded in C using a {} literal). I also added -Woverlength-strings to AM_CFLAGS to verify that the problem is fixed. Fixes #1481
2024-01-26 | Makefile.am: fix lines indented with tabs instead of spaces | Emanuele Torre
2024-01-25 | typo contruct->construct (#3017) | Jonathan Chan Kwan Yin
2024-01-24 | Fix "in the a search" typo (#3015) | Mattias Wadman
Fixes #3014
2024-01-16 | builtins: make ltrimstr and rtrimstr error for non-string inputs | Emanuele Torre
Previously, ltrimstr/rtrimstr would just let the input pass through for non-string inputs or arguments. That was happening because they were leaking the errors returned by startswith/endswith, treating them as if they were jv_false(). The leak was resolved by #2977 for 1.7.1.
This patch rewrites ltrimstr and rtrimstr in jq, and makes them not ignore startswith and endswith errors anymore.
2024-01-16 | Revert "lexer: temporarily revert #\ patch; keep CR in comment bug fix" | Emanuele Torre
This reverts commit 5d95791a6795bfc44380c2e6e343ee66dd891e8b.
2024-01-16 | Provide strptime implementation on all systems | George Hopkins
2024-01-13 | Bump jinja2 from 3.1.2 to 3.1.3 in /docs (#3009) | dependabot[bot]
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.2 to 3.1.3.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.2...3.1.3)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-09 | Bump the official-actions group with 2 updates (#2998) | dependabot[bot]
* Bump the official-actions group with 2 updates

Bumps the official-actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [actions/download-artifact](https://github.com/actions/download-artifact).

Updates `actions/upload-artifact` from 3 to 4
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

Updates `actions/download-artifact` from 3 to 4
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: official-actions
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: official-actions
...

Signed-off-by: dependabot[bot] <support@github.com>

* Fix CI workflow for updating artifact actions to v4

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: itchyny <itchyny@cybozu.co.jp>
2023-12-26 | Add jq 1.7.1 news item (#3004) | Mattias Wadman
2023-12-24 | Fix typo (#3002) | wllm-rbnt
2023-12-24 | Add jq 1.7.1 to webpage (#3003) | Mattias Wadman
Make it the default download
2023-12-19 | Always build Docker image on CI, group Dependabot PRs for official actions (#2997) | itchyny
* Always build docker image on CI

* Revert "Bump actions/download-artifact from 3 to 4"

This reverts commit 9e2695e117aef8403fa0c5b32ee0f26cb442862a.

* Group Dependabot PRs for official actions
2023-12-18 | Bump actions/download-artifact from 3 to 4 | dependabot[bot]
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-12-13 | Update signatures of 1.7.1 | github-actions[bot]
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2023-12-13 | Merge pull request from GHSA-686w-5m7m-54vc [jq-1.7.1] | Emanuele Torre
decNumberToString calls for a buffer that can hold a string of digits+14 characters, not a buffer of size digits+14. We need to allocate an extra byte for the NUL byte.
-10E-1000010001, for example, will be stringified as -1.0E-1000010000 and decNumberToString will currently write an extra NUL byte after the allocated buffer in the heap.
Originally reported by @SEU-SSL on GitHub.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574
Fixes GHSA-686w-5m7m-54vc
2023-12-13 | Merge pull request from GHSA-7hmr-442f-qc8j | Emanuele Torre
The unit allocated for decNumberCompare was accidentally removed by commit 680baeffeb7983e7570b5e68db07fe47f94db8c7 (PR #2804).
This caused a stack overflow when comparing a nan with a payload of 1000 or more.
This bug was found by OSS-fuzz.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
Fixes GHSA-7hmr-442f-qc8j
It also fixes 1e999999999 > 1e-1147483646 triggering UBSAN errors.
Fixes #2968
2023-12-13 | jv_parse: let decNumberFromString/strtod parse complex nans as a NaN | Emanuele Torre
Before this patch (when using decNumber), "Nan123" was parsed as a NaN, only if the first n was uppercase.
2023-12-13 | NEWS.md: fix markdown syntax; mention more bug fixes; list cves (#2987) | Emanuele Torre
2023-12-13 | Update NEWS.md with changes since 1.7 (#2948) | Mattias Wadman
2023-12-13 | lexer: temporarily revert #\ patch; keep CR in comment bug fix | Emanuele Torre
This commit temporarily reverts the commit that allows #\ "tcl-style" comments everywhere and documents them, for the 1.7.1 patch release cca1f7d18f2fa6721952645821ae429a0166d7e4. \r is removed from the list of characters not allowed in a comment to preserve that bugfix.
2023-12-13 | ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments | Emanuele Torre
ltrimstr/rtrimstr was ignoring and leaking the error returned by f_startswith()/f_endswith(). This also means that they just let the input pass through for non-string inputs or arguments. Only fix the leak for now; in the next release, #2969 will make them rethrow the error returned by startswith/endswith. Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64946
2023-12-13 | Makefile.am: don't use -lshlwapi to build jq on WIN32 | Emanuele Torre
It does not need it, only libjq needs this.
2023-12-11 | ci.yml: use sysctl -n hw.logicalcpu instead of nproc on macos | Emanuele Torre
The "macos (arm64)" runner on github does not have nproc.
/Users/runner/work/_temp/f44f0d9f-19eb-4a23-860e-26533d7efdfa.sh: line 10: nproc: command not found
2023-12-11 | jv_mem_calloc(): always call with (nmemb, size) | Emanuele Torre
It does not matter much since they most likely just get multiplied together, but some compilers would complain about this if these were calls to calloc.
2023-12-11 | shtest+configure: remove uses of non-portable/non-standard commands | Emanuele Torre
Replace deprecated test(1) parentheses and -a logical operator with two test commands. Replace deprecated tail -1 with tail -n1. Replace non-standard egrep(1) command with grep -E; this also prevents obsolescence warnings on GNU systems.
2023-12-11 | shtest: fix out-of-source tests | Emanuele Torre
The locale test was using ./jq instead of $JQ. I also removed the use of obsolete egrep instead of grep -E that triggers warnings on GNU systems, and the use of deprecated head -1 instead of head -n1. Also removed the unnecessary hiding of strptime/1 errors with ? // false.
2023-12-11 | chore: Improve readability (for Alternative operator '//') | Jesper Rønn-Jensen
The description of the Alternative operator `//` was hard for me to grasp in its wording. I suggest dividing the looong sentence into two parts. Since it is actually an alternative formulation, the sentence can be divided into the first formulation, and the alternative formulation.
2023-12-11 | jq.test: fix setpath PR number | Emanuele Torre
It was #2970, not 2967.
2023-12-11 | Bump actions/setup-python from 4 to 5 | dependabot[bot]
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 5.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>