fix use after free in f_strptime

author David Tolnay <dtolnay@gmail.com>

Fri, 19 Jun 2015 05:15:41 +0000 (22:15 -0700)

committer Nicolas Williams <nico@cryptonector.com>

Fri, 19 Jun 2015 05:34:27 +0000 (00:34 -0500)
author David Tolnay <dtolnay@gmail.com>
Fri, 19 Jun 2015 05:15:41 +0000 (22:15 -0700)
committer Nicolas Williams <nico@cryptonector.com>
Fri, 19 Jun 2015 05:34:27 +0000 (00:34 -0500)
diff --git a/builtin.c b/builtin.c

index 4d538eac1a4cdd905f23c83b624f4dc55ea3718d..6dfb35d1d89610bbc6ceee88fad1fe2c245973bd 100644 (file)
--- a/builtin.c
+++ b/builtin.c
@@ -1056,13 +1056,15 @@ static jv f_strptime(jq_state *jq, jv a, jv b) {
      jv_free(b);
      return e;
    }
-  jv_free(a);
    jv_free(b);
-  if (tm.tm_wday == 0 && tm.tm_yday == 0 && my_mktime(&tm) == (time_t)-2)
+  if (tm.tm_wday == 0 && tm.tm_yday == 0 && my_mktime(&tm) == (time_t)-2) {
+    jv_free(a);
      return jv_invalid_with_msg(jv_string("strptime/1 not supported on this platform"));
+  }
    jv r = tm2jv(&tm);
    if (*end != '\0')
      r = jv_array_append(r, jv_string(end));
+  jv_free(a); // must come after `*end` because `end` is a pointer into `a`'s string
    return r;
  }
  #else
author	David Tolnay <dtolnay@gmail.com>
	Fri, 19 Jun 2015 05:15:41 +0000 (22:15 -0700)
committer	Nicolas Williams <nico@cryptonector.com>
	Fri, 19 Jun 2015 05:34:27 +0000 (00:34 -0500)