| commit | 71c2ab509a8628dbbad4bc7b3f98a64aa90d3297 | [log] [tgz] |
|---|---|---|
| author | Emanuele Torre <torreemanuele6@gmail.com> | Wed Dec 13 20:20:22 2023 +0100 |
| committer | GitHub <noreply@github.com> | Wed Dec 13 20:20:22 2023 +0100 |
| tree | fe7a1f7b4580426266209f6047adb4e9736cd06c | |
| parent | c9a51565214eece8f1053089739aea73145bfd6b [diff] |
Merge pull request from GHSA-686w-5m7m-54vc decNumberToString calls for a buffer that can hold a string of digits+14 characters, not a buffer of size digits+14. We need to allocate an extra byte for the NUL byte. -10E-1000010001, for example, will be stringified as -1.0E-1000010000 and decNumberToString will currently write an extra NUL byte after the allocated buffer in the heap. Originally reported by @SEU-SSL on GitHub. Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64574 Fixes GHSA-686w-5m7m-54vc
jq is a lightweight and flexible command-line JSON processor akin to sed,awk,grep, and friends for JSON data. It's written in portable C and has zero runtime dependencies, allowing you to easily slice, filter, map, and transform structured data.
Download the latest releases from the GitHub release page.
Pull the jq image to start quickly with Docker.
git submodule update --init # if building from git to get oniguruma autoreconf -i # if building from git ./configure --with-oniguruma=builtin make -j8 make check sudo make install
Build a statically linked version:
make LDFLAGS=-all-static
If you‘re not using the latest git version but instead building a released tarball (available on the release page), skip the autoreconf step, and flex or bison won’t be needed.
For details on cross-compilation, check out the GitHub Actions file and the cross-compilation wiki page.
jq is released under the MIT License.