fix: bsearch prevent overflow on mid calculation

eloycoto · eloycoto · commit 5c0aaba208b0 · 2024-02-29T12:24:55.000+01:00
Signed-off-by: Eloy Coto &lt;eloy.coto@acalustra.com&gt;
diff --git a/src/builtin.c b/src/builtin.c
@@ -46,6 +46,7 @@ void *alloca (size_t);
 #include "jv_private.h"
 #include "util.h"
 
+
 #define BINOP(name) \
 static jv f_ ## name(jq_state *jq, jv input, jv a, jv b) { \
   jv_free(input); \
@@ -785,13 +786,14 @@ static jv f_sort_by_impl(jq_state *jq, jv input, jv keys) {
 /* If the input is not sorted, bsearch will terminate but with irrelevant results. */
 static jv f_bsearch(jq_state *jq, jv input, jv target) {
   if (jv_get_kind(input) != JV_KIND_ARRAY) {
+    jv_free(target);
     return type_error(input, "cannot be searched from");
   }
   int start = 0;
   int end = jv_array_length(jv_copy(input));
   jv answer = jv_invalid();
   while (start < end) {
-    int mid = (start + end) / 2;
+    int mid = start + (end - start) / 2;
     int result = jv_cmp(jv_copy(target), jv_array_get(jv_copy(input), mid));
     if (result == 0) {
       answer = jv_number(mid);
diff --git a/tests/jq.test b/tests/jq.test
@@ -1559,6 +1559,10 @@ bsearch({x:1})
 [{ "x": 0 },{ "x": 1 },{ "x": 2 }]
 1
 
+try ["OK", bsearch(0)] catch ["KO",.]
+"aa"
+["KO","string (\"aa\") cannot be searched from"]
+
 # strptime tests are in optional.test
 
 strftime("%Y-%m-%dT%H:%M:%SZ")

Original file line number	Diff line number	Diff line change
`@@ -1559,6 +1559,10 @@ bsearch({x:1})`
`1559`	`1559`	`[{ "x": 0 },{ "x": 1 },{ "x": 2 }]`
`1560`	`1560`	`1`
`1561`	`1561`
	`1562`	`+try ["OK", bsearch(0)] catch ["KO",.]`
	`1563`	`+"aa"`
	`1564`	`+["KO","string (\"aa\") cannot be searched from"]`
	`1565`	`+`
`1562`	`1566`	`# strptime tests are in optional.test`
`1563`	`1567`
`1564`	`1568`	`strftime("%Y-%m-%dT%H:%M:%SZ")`