mirror/stedolan-jq
1
0
Fork 0
mirror of https://github.com/stedolan/jq.git synced 2024-05-11 05:55:39 +00:00
Code Issues Releases Activity

Fix parser leak (fuzzing)

Browse Source
This commit is contained in:
Nicolas Williams
2014-12-30 11:28:15 -06:00
parent c959d1fca1
commit c308b2881f
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
jv_parse.c
View File

@@ -107,6 +107,7 @@ static void parser_reset(struct jv_parser* p) {
static void parser_free(struct jv_parser* p) { static void parser_free(struct jv_parser* p) {
parser_reset(p); parser_reset(p);
jv_free(p->path); jv_free(p->path);
jv_free(p->output);
jv_mem_free(p->stack); jv_mem_free(p->stack);
jv_mem_free(p->tokenbuf); jv_mem_free(p->tokenbuf);
jvp_dtoa_context_free(&p->dtoa); jvp_dtoa_context_free(&p->dtoa);
@@ -383,7 +384,6 @@ static void tokenadd(struct jv_parser* p, char c) {
} }
assert(p->tokenpos < p->tokenlen); assert(p->tokenpos < p->tokenlen);
p->tokenbuf[p->tokenpos++] = c; p->tokenbuf[p->tokenpos++] = c;
p->tokenbuf[p->tokenpos] = '\0'; // for debugging
} }
static int unhex4(char* hex) { static int unhex4(char* hex) {
@@ -593,6 +593,7 @@ static pfunc scan(struct jv_parser* p, char ch, jv* out) {
return OK; return OK;
} }
parser_reset(p); parser_reset(p);
jv_free(*out);
*out = jv_invalid(); *out = jv_invalid();
return "Truncated value"; return "Truncated value";
} }
@@ -714,6 +715,7 @@ jv jv_parser_next(struct jv_parser* p) {
if (msg == OK) { if (msg == OK) {
return value; return value;
} else if (msg) { } else if (msg) {
jv_free(value);
if (ch != '\036' && (p->flags & JV_PARSE_SEQ)) { if (ch != '\036' && (p->flags & JV_PARSE_SEQ)) {
// Skip to the next RS // Skip to the next RS
p->st = JV_PARSER_WAITING_FOR_RS; p->st = JV_PARSER_WAITING_FOR_RS;
@@ -734,8 +736,9 @@ jv jv_parser_next(struct jv_parser* p) {
// need another buffer // need another buffer
return jv_invalid(); return jv_invalid();
} else { } else {
assert(p->curr_buf_pos == p->curr_buf_length);
// at EOF // at EOF
assert(p->curr_buf_pos == p->curr_buf_length);
jv_free(value);
if (p->st != JV_PARSER_WAITING_FOR_RS) { if (p->st != JV_PARSER_WAITING_FOR_RS) {
if (p->st != JV_PARSER_NORMAL) { if (p->st != JV_PARSER_NORMAL) {
value = make_error(p, "Unfinished string at EOF at line %d, column %d", p->line, p->column); value = make_error(p, "Unfinished string at EOF at line %d, column %d", p->line, p->column);