Fix possible uninitialised value dereference if jq_init() fails #2935

Merged (1 commit) on Oct 22, 2023

@emanuele6 (Member) commented Oct 21, 2023

If jq_init() fails, goto out would try to free input_state which is uninitialised. I initialised input_state to NULL to fix the problem.

I also fixed jq_util_input_init() not handling OOM errors by returning NULL, and added code to make jq exit cleanly if it returns NULL. The codebase is filled with these kinds of problems, but this one was easy to fix, so might as well fix it now...

Ref: #2934 (comment)

Reported-By: Klemens Nanni <kn@openbsd.org>
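
The failure mode described in this pull request, reduced to a self-contained C sketch. This is an added example, not code from jq or from this PR; `interp_init`, `input_init`, `release`, `run` and the return codes are hypothetical stand-ins. It shows a shared `out:` cleanup label that is only safe because every pointer it frees is set to NULL before the first `goto out`, and because the constructors signal OOM by returning NULL.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for an interpreter handle and an input reader. */
struct interp { int unused; };
struct input_state { int unused; };

static int live; /* outstanding allocations, so leaks and bad frees show up */

static void *alloc_or_fail(size_t n, int fail) {
    void *p = fail ? NULL : calloc(1, n); /* fail=1 simulates OOM */
    if (p != NULL) live++;
    return p;
}

/* Both constructors report failure by returning NULL. */
static struct interp *interp_init(int fail) {
    return alloc_or_fail(sizeof(struct interp), fail);
}
static struct input_state *input_init(int fail) {
    return alloc_or_fail(sizeof(struct input_state), fail);
}

static void release(void *p) {
    if (p == NULL) return; /* cleanup must tolerate "never created" */
    free(p);
    live--;
}

/* Returns 0 on success, 2 on initialisation failure (constructed codes). */
int run(int fail_interp, int fail_input) {
    int ret = 2;
    struct interp *it = NULL;
    struct input_state *in = NULL; /* defined before the first goto out */

    if ((it = interp_init(fail_interp)) == NULL) goto out;
    if ((in = input_init(fail_input)) == NULL) goto out;
    ret = 0; /* real work would happen here */
out:
    release(in); /* NULL or valid on every path, never indeterminate */
    release(it);
    return ret;
}

int live_allocations(void) { return live; }

int main(void) {
    printf("%d %d %d\n", run(0, 0), run(1, 0), run(0, 1));
    return live_allocations();
}
```

Without the `= NULL` initialiser on `in`, the first `goto out` would pass an indeterminate pointer to the cleanup routine, which is undefined behaviour.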

@klemensn (Contributor) left a comment

LGTM

If jq_init() fails, goto out would try to free input_state which is
uninitialised. I initialised input_state to NULL to fix the problem.

Ref: jqlang#2934 (comment)

Reported-By: Klemens Nanni <kn@openbsd.org>
@nicowilliams nicowilliams merged commit e85e358 into jqlang:master Oct 22, 2023
28 checks passed
@nicowilliams (Contributor) commented

Thanks!

@emanuele6 emanuele6 deleted the fixinput branch October 22, 2023 16:17
@emanuele6 emanuele6 added the bug label Oct 28, 2023