Array slice overflows (fix jqlang#1108)

davidfetter · Aug 9, 2017 · 0512f01 · 0512f01
1 parent 9ab3421
commit 0512f01
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 4 deletions.
diff --git a/src/jv.c b/src/jv.c
@@ -296,10 +296,18 @@ static jv jvp_array_slice(jv a, int start, int end) {
     jv_free(a);
     return jv_array();
   }
-  // FIXME FIXME FIXME large offsets
-  a.offset += start;
-  a.size = end - start;
-  return a;
+
+  if (a.offset + start > 1 << (sizeof(a.offset) * CHAR_BIT)) {
+    jv r = jv_array_sized(end - start);
+    for (int i = start; i < end; i++)
+      r = jv_array_append(r, jv_array_get(jv_copy(a), i));
+    jv_free(a);
+    return r;
+  } else {
+    a.offset += start;
+    a.size = end - start;
+    return a;
+  }
 }
 
 /*

diff --git a/tests/jq.test b/tests/jq.test
@@ -383,6 +383,15 @@ del(.[2:4],.[0],.[-2:])
 [0,1,"a","b",4,5,6,7]
 [0,1,"a","b","c",4,5,6,7]
 
+# Slices at large offsets (issue #1108)
+#
+# This is written this way because [range(<large number>)] is
+# significantly slower under valgrind than .[<large number>] = value.
+#
+# We range down rather than up so that we have just one realloc.
+reduce range(70010;69999;-1) as $i ([]; .[$i] = $i)|.[69999:70003]
+null
+[null,70000,70001,70002]
 
 #
 # Variables