jmespath.rs icon indicating copy to clipboard operation
jmespath.rs copied to clipboard
verified publisher icon jmespath

Fix panic on invalid number

Open stusmall opened this issue 3 years ago • 3 comments

I added a small check for a case that would previous panic. This was found through fuzzing. I've found another issue where it is possible to overflow the stack using a query with a long series of ['s. The change for this might be intrusive though. Before I fix it I wanted to send this PR up and check to see if you are interested in the more intrusive change.

stusmall avatar Dec 15 '22 16:12 stusmall

Excellent work. I would be open to including some fuzzing infrastructure in this repo if you feel like raising a PR.

For the more "intrusive" change, feel free to open a PR and we can work through it. Definitely keen to prevent panics & stack overflows.

cetra3 avatar Dec 15 '22 22:12 cetra3

I'll open a separate PR when time allows for the others. Where can I view the results of a travisci run? I can seem to find that and it will be useful when doing the fuzzing PR.

stusmall avatar Dec 18 '22 15:12 stusmall

I was wondering if we could get this merged and a new version released. We hit this again today.

stusmall avatar Jun 05 '24 20:06 stusmall