On Fri, Mar 28, 2025 at 03:49:04PM +0100, Florian Westphal wrote:
> Malformed input returns NULL when decoding left/right side of binop.
> This causes a NULL dereference in expr_evaluate_binop; left/right must
> point to a valid expression.
>
> Fix this in the parser, else would have to sprinkle NULL checks all over
> the evaluation code.
>
> After fix, loading the bogon yields:
> internal:0:0-0: Error: Malformed object (too many properties): '{}'.
> internal:0:0-0: Error: could not decode binop rhs, '<<'.
> internal:0:0-0: Error: Invalid mangle statement value
> internal:0:0-0: Error: Parsing expr array at index 1 failed.
> internal:0:0-0: Error: Parsing command array at index 3 failed.
>
> Fixes: 0ac39384fd9e ("json: Accept more than two operands in binary expressions")
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

one nitpick:

> diff --git a/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash b/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash
> new file mode 100644
> index 000000000000..c5de17111ff6
> --- /dev/null
> +++ b/tests/shell/testcases/bogons/nft-j-f/binop_rhs_decode_error_crash
[...]
> + "value": {
> + "<<": [
> + {
> + "|": [
> + {
> + "meta": {
> + "key": "mark"
> + }
> + },
> + 16
> + ]
> + },
> + { },

Something strange here in this indent.

> + 8
> + ]
> + }
> + }
> + }
> + ]
> + }
> + }
> + ]
> +}
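Review bot: The `{ }` operand in the `"<<"` array is an empty object, yet the expected output quoted in the commit message reports it as "Malformed object (too many properties): '{}'", which misdescribes an object that has no properties at all. Since this bogon is the reproducer for the NULL dereference, it would help whoever triages a future regression if the empty-object case produced its own message (or the existing one were reworded to cover "not exactly one property"), and if the `{ }` line were re-indented to match its sibling operands so the malformed entry is easy to spot in the file.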