Skip to content

Commit

Permalink
@base64d: fix unhandled overflow
Browse files Browse the repository at this point in the history 
$ ./jq-before -n '238609295*"|||"|@base64d|"."'
    src/builtin.c:718:29: runtime error: signed integer overflow: 715827885 * 3 cannot be represented in type 'int'
    jq: error: cannot allocate memory
    Aborted (core dumped)

    $ ./jq-after -n '238609295*"|||"|@base64d|"."'
    jq: error (at <unknown>): string ("||||||||||...) is not valid base64 data

Fixes https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67640
  • Loading branch information
@emanuele6
emanuele6 committed Mar 27, 2024
1 parent be437ec commit 22a03e9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/builtin.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -715,7 +715,7 @@ static jv f_format(jq_state *jq, jv input, jv fmt) {
input = f_tostring(jq, input);
const unsigned char* data = (const unsigned char*)jv_string_value(input);
int len = jv_string_length_bytes(jv_copy(input));
size_t decoded_len = (3 * len) / 4; // 3 usable bytes for every 4 bytes of input
size_t decoded_len = (3 * (size_t)len) / 4; // 3 usable bytes for every 4 bytes of input
char *result = jv_mem_calloc(decoded_len, sizeof(char));
memset(result, 0, decoded_len * sizeof(char));
uint32_t ri = 0;
Expand Down

0 comments on commit 22a03e9

Please sign in to comment.