Age | Commit message (Collapse) | Author |
|
Signed-off-by: wellweek <xiezitai@outlook.com>
|
decNumberToString calls for a buffer that can hold a string of digits+14
characters, not a buffer of size digits+14.
We need to allocate an extra byte for the NUL byte.
-10E-1000010001, for example, will be stringified as -1.0E-1000010000
and decNumberToString will currently write an extra NUL byte after the
allocated buffer in the heap.
Originally reported by @SEU-SSL on GitHub.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574
Fixes GHSA-686w-5m7m-54vc
|
The unit allocated for decNumberCompare was accidentally removed by
commit 680baeffeb7983e7570b5e68db07fe47f94db8c7 (PR #2804).
This caused a stack overflow when comparing a nan with a payload of 1000
or more.
This bug was found by OSS-fuzz.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
Fixes GHSA-7hmr-442f-qc8j
It also fixes 1e999999999 > 1e-1147483646 triggering UBSAN errors
Fixes #2968
|
@stedolan
|
Backfill with references to PRs & issues in NEWS.md
|
correct grammar, add attributions, clarify abs
|
Changes mentioned based on picking user facing changes from:
git log --oneline -r master...jq-1.6 | grep -v Merge
|