Google Git
Sign in
fuchsia / third_party / github.com / jqlang / jq / refs/heads/upstream/master
commit7be6870751c2ab3f49365a955c51ce5ba1f1b752[log] [tgz]
authorSamar Sunkaria <sameesunkaria@me.com>Wed Jun 05 06:19:08 2024 +0200
committerGitHub <noreply@github.com>Wed Jun 05 13:19:08 2024 +0900
tree9e5ff9d3b48d4dd2be562e42ea21c450cfd1d991
parent5208a4425f24f5c366dfed2eae85f1935199d683 [diff]
Remove multiple calls to free when successively calling jq_reset. (#3134)

`jq_reset` calls `jv_free` on the `exit_code` and the `error_message` stored on the jq state.
However, it doesn't replace the actual instance of those members. This means that subsequent
calls to `jq_reset` will call `jv_free` again on those members, which in turn may call `free`
on the same pointer multiple times. Freeing the same pointer multiple times is undefined
behavior and can cause heap corruption, which is how I spotted this issue.

In practice, this issue only occurs when using a program that may `halt_error`, because that
is when the `exit_code` and `error_message` are set to values other than `jv_invalid`.
Subsequent attempts to call `jq_start` (which calls `jq_reset` internally) after hitting a
`halt_error` can cause you to run into this issue.

The changes simply reset the `exit_code` and the `error_message` to `jv_invalid` (the initial
value set in `jq_init`) after they are freed.
2 files changed
tree: 9e5ff9d3b48d4dd2be562e42ea21c450cfd1d991
  1. .github/
  2. build/
  3. config/
  4. docs/
  5. m4/
  6. modules/
  7. scripts/
  8. sig/
  9. src/
  10. tests/
  11. .gitattributes
  12. .gitignore
  13. .gitmodules
  14. AUTHORS
  15. ChangeLog
  16. compile-ios.sh
  17. configure.ac
  18. COPYING
  19. Dockerfile
  20. jq.1.prebuilt
  21. jq.spec
  22. KEYS
  23. libjq.pc.in
  24. Makefile.am
  25. NEWS.md
  26. README.md
  27. SECURITY.md
README.md

jq

jq is a lightweight and flexible command-line JSON processor akin to sed,awk,grep, and friends for JSON data. It's written in portable C and has zero runtime dependencies, allowing you to easily slice, filter, map, and transform structured data.

Documentation

Installation

Prebuilt Binaries

Download the latest releases from the GitHub release page.

Docker Image

Pull the jq image to start quickly with Docker.

Run with Docker

Example: Extracting the version from a package.json file
docker run --rm -i ghcr.io/jqlang/jq:latest < package.json '.version'
Example: Extracting the version from a package.json file with a mounted volume
docker run --rm -i -v "$PWD:$PWD" -w "$PWD" ghcr.io/jqlang/jq:latest '.version' package.json

Building from source

Dependencies

  • libtool
  • make
  • automake
  • autoconf

Instructions

git submodule update --init    # if building from git to get oniguruma
autoreconf -i                  # if building from git
./configure --with-oniguruma=builtin
make clean                     # if upgrading from a version previously built from source
make -j8
make check
sudo make install

Build a statically linked version:

make LDFLAGS=-all-static

If you‘re not using the latest git version but instead building a released tarball (available on the release page), skip the autoreconf step, and flex or bison won’t be needed.

Cross-Compilation

For details on cross-compilation, check out the GitHub Actions file and the cross-compilation wiki page.

Community & Support

License

jq is released under the MIT License. jq's documentation is licensed under the Creative Commons CC BY 3.0. jq uses parts of the open source C library “decNumber”, which is distributed under ICU License