Use after free abort on invalid program input

[JeanMertz]

While investigating #3, I accidentally used a bad program, which caused the program to crash with a use after free error.

program:

.[] | .hello

input:

[1,2,3]

output:

my_crate-336024fec8446e30(13853,0x7000023d9000) malloc: Incorrect checksum for freed object 0x7f97cdb000d0: probably modified after being freed.
Corrupt value: 0x80000000ffffffff
my_crate-336024fec8446e30(13853,0x7000023d9000) malloc: *** set a breakpoint in malloc_error_break to debug
error: process didn't exit successfully: `/Users/jean/Development/Projects/my_crate/target/debug/deps/my_crate-336024fec8446e30` (signal: 6, SIGABRT: process abort signal)

It doesn't always aobrt (as you might expect with errors like these), sometimes it works as expected:

oarse error: Cannot index number with string \"hello\"

[onelson]

I've seen something similar with a simple init then teardown of the jq engine (nothing else). Some times it aborts, sometimes not. This is the sort of thing that makes me entertain the idea of rewriting jq in rust, but the libjq api is undocumented and difficult for me to understand. It would be quite an effort.

Good to have another test case to help pin down the root cause. Thanks for that.

[onelson]

Small update on this. Looks like this is an interaction where the rust is dropping a CString too early causing double free.

I've got some ideas for refactor to hopefully make this sort of bug less likely to show up again, but I'll likely queue those up for v0.4. I should be able to plug this specific case in the short term to finish out 0.3.1. I'd expect it published to crates.io sometime in the next week.

Actually, I'm still digging. The fix I thought was the fix is not the fix. The best clue I have right now is that the jq binary exits with 5 with these inputs, which is JQ_ERROR_UNKNOWN according to the source. This exit code is set during a check for "halted" that my parse implementation doesn't have, so it could be that this is just a branch I never came across and left uncovered as a result.

More in the days to come.