Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments #2977

Merged
merged 1 commit into from
Dec 13, 2023
Merged

ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments #2977

merged 1 commit into from
Dec 13, 2023

Conversation

emanuele6
Copy link
Member

ltrimstr/rtrimstr was ignoring and leaking the error returned by f_startswith()/f_endswith().

This also means that they just let the input pass through for non-string inputs or arguments.

Only fix the leak for now; in the next release, #2969 will make them rethrow the error returned by startswith/endswith.

Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64946

@emanuele6
ltrimstr/1+rtrimstr/1: don't leak on invalid input or arguments
3e1cc63 
ltrimstr/rtrimstr was ignoring and leaking the error returned by
f_startswith()/f_endswith().

This also means that they just let the input pass through for non-string
inputs or arguments.

Only fix the leak for now; in the next release, jqlang#2969 will make them
rethrow the error returned by startswith/endswith.

Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64946
@emanuele6 emanuele6 added this to the 1.7.1 milestone Dec 11, 2023
@emanuele6
Copy link
Member Author

Next release will be 1.8

@emanuele6 emanuele6 closed this Dec 11, 2023
@emanuele6 emanuele6 reopened this Dec 12, 2023
@emanuele6 emanuele6 modified the milestones: 1.7.1, 1.7.1 release Dec 12, 2023
itchyny
itchyny reviewed Dec 13, 2023
View reviewed changes
src/builtin.c Show resolved Hide resolved
@emanuele6 emanuele6 merged commit 511d50b into jqlang:master Dec 13, 2023
56 checks passed
@emanuele6 emanuele6 deleted the trimleak branch December 13, 2023 14:13
emanuele6 added a commit to emanuele6/jq-1 that referenced this pull request Dec 13, 2023
@emanuele6
builtins: make ltrimstr and rtrimstr error for non-string inputs
060be3d 
Previously, ltrimstr/rtrimstr would just let the input pass through for
non-string inputs or arguments.

That was happening because, they were leaking the errors returned by
startswith/endswith treating them as if they were jv_false().
The leak was resolved by jqlang#2977 for 1.7.1

This patch rewrites ltrimstr and rtrimstr in jq, and makes them not
ignore startswith and endswith errors anymore.
nicowilliams pushed a commit that referenced this pull request Jan 16, 2024
@emanuele6 @nicowilliams
builtins: make ltrimstr and rtrimstr error for non-string inputs
1f1e619 
Previously, ltrimstr/rtrimstr would just let the input pass through for
non-string inputs or arguments.

That was happening because, they were leaking the errors returned by
startswith/endswith treating them as if they were jv_false().
The leak was resolved by #2977 for 1.7.1

This patch rewrites ltrimstr and rtrimstr in jq, and makes them not
ignore startswith and endswith errors anymore.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@itchyny itchyny itchyny approved these changes

Assignees
No one assigned
Labels
bug libjq
Projects
None yet
Milestone
1.7.1 release
Development

Successfully merging this pull request may close these issues.
2 participants
@emanuele6 @itchyny