Fix SAST findings in jq 1.6

Resolves: RHEL-28653
This commit is contained in:
Tomas Halman 2024-05-03 13:37:37 +02:00
parent 82160163a2
commit d58da5b4b5
2 changed files with 58 additions and 1 deletions

52
0005-sast.patch Normal file
View File

@ -0,0 +1,52 @@
diff -up jq-1.6/src/jq_test.c.orig jq-1.6/src/jq_test.c
--- jq-1.6/src/jq_test.c.orig 2024-05-03 11:47:47.403617188 +0200
+++ jq-1.6/src/jq_test.c 2024-05-03 11:48:46.569675199 +0200
@@ -16,6 +16,7 @@ static void run_jq_pthread_tests();
int jq_testsuite(jv libdirs, int verbose, int argc, char* argv[]) {
FILE *testdata = stdin;
+ const char *testdata_filename = NULL;
int skip = -1;
int take = -1;
jv_test();
@@ -28,18 +29,24 @@ int jq_testsuite(jv libdirs, int verbose
take = atoi(argv[i+1]);
i++;
} else {
- testdata = fopen(argv[i], "r");
- if (!testdata) {
- perror("fopen");
- exit(1);
- }
+ testdata_filename = argv[i];
}
}
}
+ if (testdata_filename) {
+ testdata = fopen(testdata_filename, "r");
+ if (!testdata) {
+ perror("fopen");
+ exit(1);
+ }
+ }
run_jq_tests(libdirs, verbose, testdata, skip, take);
#ifdef HAVE_PTHREAD
run_jq_pthread_tests();
#endif
+ if (testdata_filename) {
+ fclose(testdata);
+ }
return 0;
}
diff -up jq-1.6/src/locfile.c.orig jq-1.6/src/locfile.c
--- jq-1.6/src/locfile.c.orig 2018-11-02 02:49:29.000000000 +0100
+++ jq-1.6/src/locfile.c 2024-05-03 11:15:46.562476303 +0200
@@ -72,6 +72,7 @@ void locfile_locate(struct locfile* l, l
}
jv m1 = jv_string_vfmt(fmt, fmtargs);
+ va_end(fmtargs);
if (!jv_is_valid(m1)) {
jq_report_error(l->jq, m1);
return;

View File

@ -1,6 +1,6 @@
Name: jq Name: jq
Version: 1.6 Version: 1.6
Release: 16%{?dist} Release: 17%{?dist}
Summary: Command-line JSON processor Summary: Command-line JSON processor
License: MIT and ASL 2.0 and CC-BY and GPLv3 License: MIT and ASL 2.0 and CC-BY and GPLv3
@ -12,6 +12,7 @@ Patch1: 0001-iterration-problem-for-non-decimal-string.patch
Patch2: 0002-add-mantest.patch Patch2: 0002-add-mantest.patch
Patch3: 0003-fix-pthread-segfault.patch Patch3: 0003-fix-pthread-segfault.patch
Patch4: 0004-make-jq-fast.patch Patch4: 0004-make-jq-fast.patch
Patch5: 0005-sast.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: flex BuildRequires: flex
@ -102,6 +103,10 @@ make check
%changelog %changelog
* Fri May 3 2024 Tomas Halman <thalman@redhat.com> - 1.6-17
- Fix SAST findings in jq 1.6
- Resolves: RHEL-28653
* Fri Oct 13 2023 Tomas Halman <thalman@redhat.com> - 1.6-16 * Fri Oct 13 2023 Tomas Halman <thalman@redhat.com> - 1.6-16
- Make jq 1.6 fast - Make jq 1.6 fast
- Resolves: RHEL-13431 - Resolves: RHEL-13431