| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In `compare_items` if `sort_order` is a top level expression, it has
no context and `get_context()` method returns the null pointer. To see
this, run
$ ledger -f test/input/demo.ledger --sort display_amount reg --debug scope.symbols
and there will be many lines like
[DEBUG] Binding scope 0 with ...
In such case making a reference to the context is an undefined
behavior (honestly the dereferencing itself feels quite problematic,
but many compilers just run without any complaints) and could
potentially cause segfaults.
Therefore, we change to use only the grandchild scope (`left` or
`right`) for `find_sort_values` here. Note that it may seem to be more
appropriate to use `report` here for the parent scope. However, in
`find_sort_values` which is called right after, the `report` scope is
always bound to this scope. So we only use grandchild scope to avoid
unnecessary operations.
Fixes #2069.
|
|
|
|
|
|
|
| |
Here `comm` could be a null pointer (the new test regress/2057 shows
such a case). So test it before dereferencing to avoid segfault.
Re: #2057
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure the path of file to include in `instance_t::include_directive`
is always an absolute path.
Previously when the journal file is given through stdin, we prepend a
"./" to the filename to include. However, in Boost >= 1.77,
`path::normalize` strips the leading "./" [1]. Our `resolve_path`
function calls `normalize` and thus now it returns "file" for "./file"
instead of the previous "./file".
This change causes a failing test regress/BF3C1F82-2 [2], and also
breaks the `include` directive for stdin input:
$ touch file-to-include
$ echo "include file-to-include" | ledger -f - reg
gives
While parsing file "", line 1:
Error: File to include was not found: "file-to-include"
Therefore, we change to prepend the `context.current_directory` to
make the filename absolute in this case as well. The test
regress/BF3C1F82-2 is also updated to match the new output.
Fixes #2075.
[1] https://github.com/boostorg/filesystem/commit/16bd89b7c0398d0dc5904148a865ef3fc3ece7ec
[2] https://github.com/ledger/ledger/issues/2075
|
|
|
|
| |
A better fix for this issue is needed, however.
|
|
|
|
|
|
|
|
| |
This makes it safe to compare results to -1 to indicate EOF,
regardless of whether char is considered signed or unsigned;
and so eliminates compiler warnings on platforms such as ARM.
Fixes bug #2058.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the current formula works for positive numbers, negative numbers
are incorrectly represented.
One of the issues comes from the fact that floor(x) < x for every x.
`amount_t precision` will always be a non negative number and the code
that attempts to fix the issue for negative number will never run.
If we truncate the number instead, the current formula works for both
positive and negative numbers without making negative numbers a corner
case. So let's do that.
Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com>
|
|
|
|
|
|
|
|
| |
Handle files that don't end with a new line. Throw an error when the buffer
size is exceeded.
Fixes #516
Contributes to #1149
|
|
|
|
|
| |
An amount may have a (single) leading minus sign, but none after that.
Bug #2001 (and #1809).
|
|
|
|
| |
Date format %F is not available on all platforms.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 501fbc08ae5493db77bb34f4c4fbe1f3a3bc14e3 changed the behavior
of this function to not return the "equal" result (==0) from the
recursive call. Previously, the function returned the result of the
recursive call unconditionally.
The current behavior causes an assertion error for certain
postings. The regression test added in this commit shows such a
posting.
I found through Travis CI that the old behavior was incomplete and
caused unstable orderings, so reverting to the old behavior doesn't
work. Instead, this change adds a fallback: If the recursive call that
compares the prices numerically returns "equal", then compare the
prices with their original commodity as a tie breaker.
This commit does not change any existing ordering, it only adds
deterministic ordering in a case that currently triggers an assertion
error.
This fixes issue #1998.
|
|
|
|
|
|
|
|
|
|
|
| |
Ledger is treating balance assignments that have a 0 diff as having
a null posting, leading to the posting being auto-balanced and
therefore causing incorrect values to be returned for the transaction.
I fixed this by just making the posting equal to amt - amt (0 in the
right commodity).
Fixes #1942
|
|
|
|
|
|
|
|
|
|
| |
Commit 557ab32 ("Expose a new utility function for balances:
sorted_amounts") split out some code into a separate function.
Unfortunately, in the process an "if" statement was dropped,
leading to amounts being shown that shouldn't be shown because
they are smaller than the display precision.
Fixes #1969
|
|
|
|
| |
Thanks to Feiko Nanninga for the test case.
|
| |
|
|
|
|
|
|
| |
Add tests for wrong behavior caused by commit 49b07a1c1948 ("Correction
to the way parens are parsed in query expressions") which was reverted
with commit 869302ae9ce3. The bug report was issue #1894.
|
|
|
|
|
|
|
|
| |
The directive `apply account` and similar directives (fixed, year...)
require an argument. Ensure that an argument is given.
Fixes #553
Fixes #1854
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without these changes, whether an account's balance is virtual
or real is not considered when asserting it's balance. This lead
to situations where the user must consider their virtual postings
when attemping to assert the real balance of the account. See
test/regress/543_a.test for that testcase, taken from the original
issue. This commit also includes other, fringe, situations that I
noticed while working on the fix. It essentially just adds a separate
attribute to the account class(?) that hold's the account's "real"
balance, which is only updated when the user attempts an assertion on a
real account. The virtual account's balance is updated the way it always
was.
|
|
|
|
|
|
| |
This was changed to be specific to the author's local TZ in 139beba.
With the test TZ override fixed, revert this back to the value that is
correct across all environments (including travis).
|
|
|
|
|
|
|
|
|
|
|
| |
python3 has buffered output by default, hence testcase option_py
returned no output when executed under test harness. I think this is a
real problem in the way python interpreter is embeded, and i.e. stdout
is not flushed until after test case has died. However, running things
unbuffered seems to make everything work.
But for some reason I had to adjust 1057.test slightly. I have no idea
what those numbers mean, and if running things unbuffered break stuff.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I expect an output of `ledger print` to be consumable by ledger.
But on the next journal
```
2019/11/25 * test
Foo 1 AAPL {1.00 EUR} [2019/11/24]
Bar
```
it prints [19-Nov-24], which it does not understand with default
options.
With this patch it prints [2019/11/24].
|
|
|
|
|
|
|
|
|
| |
'%F' is equivalent to '%Y-%m-%d'. Using the '%F' format without this
change this would not give any hard errors but instead give dates with
wrong years because the 'has_year' trait would not be correctly
detected and thus parsed dates would get set to the current year.
Fixes #1775
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a tag is more than 2 characters from the beginning of the comment the
tag value offset will be wrong. #1702 gives an example where the tag
line starts with `;;` and the tag value thus becomes `: Bar` because of
this bug.
The use `index` in the offset calulation seems to be a lucky coincidence
that works in the common case: "; tag: value"
Fixes #1702
|
|
|
|
| |
Fixes #1753
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving an option that is
longer than the buffer that is used during option parsing because the
length of the input string is not checked.
Prevent the issue by always checking the input string length and
discarding options that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12481.
Thanks to Gwan Yeong Kim for reporting this issue.
Fixes #1222
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving a date that is
longer than the buffer that is used during date parsing because the
length of the input string is not checked. The `VERIFY` macro is only
enabled when debug-mode is enabled and the `--verify-memory` argument is
used.
Prevent the issue by always checking the input string length and
discarding dates that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12482.
Fixes #1224
|
|\
| |
| | |
Move garbage-input.dat to test case using it
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All-null transactions (i.e. a transaction where all postings have a null
amount) are discarded during parsing and the `xact` object is free'd.
But if the transaction contains a deferred posting this results in a
use-after-free vulnerability because a reference to the deferred posting
is stored in the account object which is later read when deferred
postings are applied after parsing is finished.
Ignore null deferred postings to prevent this – they should not have any
effect any way.
Thanks to Cory Duplantis for reporting this issue and providing an
initial analysis.
Ref TALOS-2017-0304, CVE-2017-2808
Fixes #1723
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:
Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]
Note the ] that comes before [ after the ;.
This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
Fixes #1722
|
|
|
|
|
| |
Add a test case for issue #1703 which John Wiegley fixed in commit
56025cde ("Don't attempt to invert a value if it's already zero").
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes #1626.
The tokenizer eagerly classifies 4-digit integers as TOK_A_YEAR
tokens. In some contexts such as "every 1000 years", this causes
errors.
I think the tokenizer does not have enough information available to
distinguish between integers and years.
After this patch, the tokenizer will always classify integers as
TOK_INT tokens. The "has 4 digits" heuristic to determine if an
integer is a year is moved to the place where it's actually
needed (and it can be slightly more generic there, too).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This fixes issue #1127. In my understanding, PR #552 was meant to fix
this, but was incomplete.
Without this patch, automated transactions are invisible to
assertions.
This patch fixes this by adding a flag to the account to tell it that
there is a new posting, analogous to the behavior of finalize().
I dug up issue #1127 too late to find that this is the same solution
proposed by @tbm. Although I wrote this independently, credit goes to
Martin Michlmayr (@tbm).
|
| |
|
|
|
|
| |
Fixes #520
|
|
|
|
|
|
|
|
|
|
|
| |
`changed_value_posts::create_accounts()` reuses the `<Revalued>` account
from `display_filter`, but when clearing `changed_value_posts`
`create_accounts()` would be called before the account had been
recreated by `display_filter_posts`. This results in a segfault when
using the --group-by option.
I'm not sure if `display_filter_posts` has the same problem but I
reordered the calls there too for good measure.
|
|\
| |
| | |
Fix bug where .total used in value exprs breaks totals
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* Re-initialize (to VOID) totals for the account and its ancestors on adding
postings. Otherwise the cache intended for use by recursive calls of C++
function total() in computing family (i.e. account hierarchy) totals is
incorrectly retained from one top-level call to the next, causing
inconsistent and broken behaviour.
* Re-initialize (to false) calculated and gathered. Otherwise we won't
e.g. recalculate stale totals for ancestor accounts (e.g. won't recalculate
Assets:Savings total if Assets:Savings changes via a posting).
Although the value expression total function is used by ledger itself in
computing totals, this bug would only appear on use of .total in user-supplied
value expressions computed *during parsing* of ledger files, rather than after
parsing (I believe ledger only ever calls it for internal purposes after
parsing is complete).
It is possible this bug also affected other functions than total (perhaps even
in circumstances other than analagous to that described in the preceding
paragraph). I have not checked that.
|
|\ \
| |/
|/| |
Fix Bug 1182: Error message for parse failure after '='
|
| | |
|
|\ \
| | |
| | | |
Add regress test for bugs 550 and 584
|
| |/ |
|
|\ \
| | |
| | | |
Add regress test for bug 1055
|
| |/ |
|
|/ |
|
| |
|
|
|
|
| |
This was reported as Bug #1109
|
| |
|
|
|
|
| |
%g is not available in Windows strftime. See documentation at https://msdn.microsoft.com/en-us/library/fe06s4ak.aspx
|