mirror/stedolan-jq
1
0
Fork 0
mirror of https://github.com/stedolan/jq.git synced 2024-05-11 05:55:39 +00:00
Code Issues Releases Activity

Merge pull request from GHSA-7hmr-442f-qc8j

Browse Source 
The unit allocated for decNumberCompare was accidentally removed by
commit 680baeffeb7983e7570b5e68db07fe47f94db8c7 (PR #2804)

This caused a stack overflow when comparing a nan with a payload of 1000
or more.

This bug was found by OSS-fuzz.
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64771
Fixes GHSA-7hmr-442f-qc8j

It also fixes 1e999999999 > 1e-1147483646   triggering UBSAN errors
Fixes #2968
This commit is contained in:
Emanuele Torre
2023-12-13 20:17:17 +01:00
committed by GitHub
parent c5fd64ba97
commit c9a5156521
3 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
NEWS.md
View File

@ -3,7 +3,7 @@
## Security
- CVE-2023-50246: ....
- CVE-2023-50268: ....
- CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
## CLI changes