From 6b69ffe769f1588cce13a39bb0a216b6099fddec Mon Sep 17 00:00:00 2001
From: Emanuele Torre
Date: Sun, 10 Dec 2023 19:40:29 +0100
Subject: [PATCH] jv_setpath()+setpath/2: don't leak the input after an invalid get
Ref: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64906
---
 src/jv_aux.c | 1 +
 tests/jq.test | 4 ++++
 2 files changed, 5 insertions(+)
diff --git a/src/jv_aux.c b/src/jv_aux.c
index 5ec7ce8e4e..eedaaeb7cc 100644
--- a/src/jv_aux.c
+++ b/src/jv_aux.c
@@ -408,6 +408,7 @@ jv jv_setpath(jv root, jv path, jv value) {
 jv subroot = jv_get(jv_copy(root), jv_copy(pathcurr));
 if (!jv_is_valid(subroot)) {
+ jv_free(root);
 jv_free(pathcurr);
 jv_free(pathrest);
 jv_free(value);
diff --git a/tests/jq.test b/tests/jq.test
index c5c8cf0630..28d683e6da 100644
--- a/tests/jq.test
+++ b/tests/jq.test
@@ -2091,3 +2091,7 @@ try ("foobar" | .[1.5]) catch .
 null
 "Cannot index string with number"
+# setpath/2 does not leak the input after an invalid get #2967
+try ["ok", setpath([1]; 1)] catch ["ko", .]
+{"hi":"hello"}
+["ko","Cannot index object with number"]
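Review bot: The ownership rule that makes the added `jv_free(root);` necessary is not stated anywhere in the hunk. The call `jv_get(jv_copy(root), jv_copy(pathcurr))` is handed copies, so `root` itself appears to be still owned by jv_setpath when `subroot` comes back invalid. A comment above the cleanup, e.g. `/* jv_get() was given copies; root, pathcurr, pathrest and value are still ours to free */`, would make the next early return harder to get wrong. The body of jv_setpath starts and continues outside the hunk, so the other exit paths cannot be checked from here. Because the Ref line shows the leak was reached from fuzzer input, those paths are worth auditing for the same omission: a leak reachable from untrusted filters or data can exhaust memory in a long-running program embedding the library.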
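Review bot: The expected output `["ko","Cannot index object with number"]` does not depend on whether `root` is freed, so this case presumably passed before the fix too. It only guards against the leak when the suite runs under a leak detector such as valgrind or LeakSanitizer. Saying so in the comment would keep it from being read as a behavioural check, e.g. `# setpath/2 does not leak the input after an invalid get #2967 (visible only under a leak checker)`.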