Description
Describe the bug
A use-of-uninitialized-value bug was detected in jq's JSON parser, in the check_literal function in src/jv_parse.c (jv_parse.c:519 in the sanitizer report below). It was found by AFL++ fuzzing of a MemorySanitizer (MSan) build. Per the report, the uninitialized bytes come from a heap buffer grown by realloc in tokenadd and are then read by check_literal. Reading indeterminate memory is undefined behavior and may leak heap contents into parser decisions or output.
Sanitizer Report
==9154==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x561e8dcd5289 in check_literal /home/kali/jq-msan/src/jv_parse.c:519:9
#1 0x561e8dccf9ff in scan /home/kali/jq-msan/src/jv_parse.c:674:7
#2 0x561e8dccf9ff in jv_parser_next /home/kali/jq-msan/src/jv_parse.c:796:11
#3 0x561e8dcf2ecc in jq_util_input_next_input /home/kali/jq-msan/src/util.c:430:15
#4 0x561e8dc44e42 in main /home/kali/jq-msan/src/main.c:655:34
#5 0x7f5540d04d67 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#6 0x7f5540d04e24 in __libc_start_main csu/../csu/libc-start.c:360:3
#7 0x561e8dba68a0 in _start (/home/kali/jq-msan/jq+0x368a0) (BuildId: 2a7343560e94efceff638b8791eeee1fb5504bb1)
Uninitialized value was created by a heap allocation
#0 0x561e8dbe468e in realloc (/home/kali/jq-msan/jq+0x7468e) (BuildId: 2a7343560e94efceff638b8791eeee1fb5504bb1)
#1 0x561e8dc9d063 in jv_mem_realloc /home/kali/jq-msan/src/jv_alloc.c:184:7
#2 0x561e8dccfdcd in tokenadd /home/kali/jq-msan/src/jv_parse.c:425:19
#3 0x561e8dccfdcd in scan /home/kali/jq-msan/src/jv_parse.c:679:7
#4 0x561e8dccfdcd in jv_parser_next /home/kali/jq-msan/src/jv_parse.c:796:11
#5 0x561e8dcf2ecc in jq_util_input_next_input /home/kali/jq-msan/src/util.c:430:15
#6 0x561e8dc44e42 in main /home/kali/jq-msan/src/main.c:655:34
#7 0x7f5540d04d67 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
SUMMARY: MemorySanitizer: use-of-uninitialized-value /home/kali/jq-msan/src/jv_parse.c:519:9 in check_literal
Exiting
Environment
jq Version: 1.7.1
Build Configuration: AFL++
To Reproduce
echo -ne 'n swiwitch inputtch input[lo' > trigger.txt
./jq . trigger.txt
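The following is an added illustration of the bug class in the report above, not jq's own code: the sanitizer trace says the uninitialized bytes were created by realloc in tokenadd and read in check_literal, so this model builds a token buffer the same way (growing it with realloc, which leaves the tail indeterminate) and places a bounded literal check beside an unbounded one. All names here (tokbuf, tokenadd, check_literal_unsafe, check_literal_safe, classify_literal) are hypothetical and stand in for, rather than reproduce, jq's parser state and logic.

```c
// Added illustration, not jq's code: a minimal model of the bug class in the
// MSan report above, using hypothetical names. A token buffer grown with
// realloc() has an indeterminate tail; a literal check that indexes past the
// number of bytes actually written reads that tail.
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct tokbuf {
    char  *buf;   // heap buffer grown with realloc()
    size_t len;   // bytes actually written so far
    size_t cap;   // bytes allocated; [len, cap) is indeterminate
};

// Append one byte, growing the buffer the way a tokenizer would. realloc()
// does not initialize the added tail, so only buf[0..len) is defined.
static void tokenadd(struct tokbuf *t, char c) {
    if (t->len >= t->cap) {
        size_t ncap = t->cap ? t->cap * 2 : 16;
        char *nbuf = realloc(t->buf, ncap);
        if (!nbuf) abort();
        t->buf = nbuf;
        t->cap = ncap;
    }
    t->buf[t->len++] = c;
}

// Result codes for the checks below: 1 = literal, -1 = malformed literal,
// 0 = not a literal (left to other parser paths).

// Buggy shape: peeks at buf[1] for the 'n' case without first checking that
// len > 1. For a one-byte token "n" (the trigger input above starts with
// exactly that), buf[1] was never written, so the branch depends on an
// uninitialized byte; a build with -fsanitize=memory reports that read.
static int check_literal_unsafe(const struct tokbuf *t) {
    if (t->len == 0) return 0;
    if (t->buf[0] == 'n' && t->buf[1] == 'u')            // BUG: buf[1] unchecked
        return (t->len == 4 && memcmp(t->buf, "null", 4) == 0) ? 1 : -1;
    return 0;
}

// Hardened shape: every comparison is bounded by len, so no byte past the
// written region is ever read; the whole token is compared in one step.
static int match_literal(const struct tokbuf *t, const char *pattern) {
    size_t plen = strlen(pattern);
    return t->len == plen && memcmp(t->buf, pattern, plen) == 0;
}

static int check_literal_safe(const struct tokbuf *t) {
    if (t->len == 0) return 0;
    switch (t->buf[0]) {
    case 't': return match_literal(t, "true")  ? 1 : -1;
    case 'f': return match_literal(t, "false") ? 1 : -1;
    case 'n': return match_literal(t, "null")  ? 1 : -1;
    default:  return 0;   // numbers, strings, etc. are handled elsewhere
    }
}

// Feed a C string through tokenadd() byte by byte, classify it with the safe
// check, free the buffer and return the result code.
int classify_literal(const char *s) {
    struct tokbuf t = {0, 0, 0};
    for (const char *p = s; *p; p++) tokenadd(&t, *p);
    int r = check_literal_safe(&t);
    free(t.buf);
    return r;
}

int main(void) {
    const char *samples[] = {"n", "null", "nul", "true", "false", "123"};
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-6s -> %d\n", samples[i], classify_literal(samples[i]));

    // The same one-byte token through the buggy check: its branch reads
    // buf[1], which tokenadd() never wrote. Under MemorySanitizer this call
    // is the one that gets flagged.
    struct tokbuf t = {0, 0, 0};
    tokenadd(&t, 'n');
    printf("unsafe check on \"n\" -> %d (indeterminate)\n", check_literal_unsafe(&t));
    free(t.buf);
    return 0;
}
```

Compile the model twice, once plainly and once with clang's -fsanitize=memory, to see that only check_literal_unsafe triggers a report; the safe variant never consults a byte beyond len, which is the property a fix in the real parser needs to guarantee regardless of how the token buffer was allocated.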