| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
Part of the expr_t::compile() process is to store the current scope, but
In post_t::add_to_value that scope is temporary and on the stack.
Restore the original context after that process is complete.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add failing test for use case
TBH I don't know what I'm doing here, but this seems to fail for the
right reasons enough to reflect the parser bug here.
* Append to the ident on a closing brace ')'
When parsing the automated rule, a scanner reads the line left-to-right
char-by-char. The default behaviour is to append the char under the
cursor to some `ident` string. When the cursor is on a ')', it skips the
default handling and switches into some special handling: it tries to
test the string it's reading if it's one of the keywords it knows, to
select which type of token just got scanned. If what was scanned is not
a known token, it defaults to `token_t::TERM` and returns a new token
with the currently accumulated `ident` as a `token_t::TERM`. Issue is,
since it skipped the appending to do some custom handling, the
`token_t::TERM` will always be without its closing brace. The scanner
needs to append the character under the cursor if it's falling through
to default processing.
* fix test case
- ensure proper spacing for the posting to have an amount
- ensure the posting balances against an account
- the meaning of the number after `->` is the exit code
* undo wrong approach
* consume_next if unbalanced_braces
* how this can be extended
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The manpage documents `=regex` as equivalent to the `note regex` query
syntax, but the former does not actually work as the parser only handles
an equals sign in the case of `tag type=dining` syntax, and doesn't
handle the case where an equals sign starts a note query.
Fixing this does break queries like `tag type = dining` with spaces
around the equals sign, but that syntax was not intended or documented.
Closes: #2275
|
| |
|
|
|
|
|
|
| |
This adds a new item flag, `ITEM_INFERRED`, that differentiates
generated items from bucket items. This makes them show up as
related items in reports.
|
|
|
|
|
| |
Bugs #777 and #2207 were fixed by commit 49cf3323a ("Change a use of
is_realzero to just is_zero"). Let's add test cases.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In `compare_items` if `sort_order` is a top level expression, it has
no context and `get_context()` method returns the null pointer. To see
this, run
$ ledger -f test/input/demo.ledger --sort display_amount reg --debug scope.symbols
and there will be many lines like
[DEBUG] Binding scope 0 with ...
In such case making a reference to the context is an undefined
behavior (honestly the dereferencing itself feels quite problematic,
but many compilers just run without any complaints) and could
potentially cause segfaults.
Therefore, we change to use only the grandchild scope (`left` or
`right`) for `find_sort_values` here. Note that it may seem to be more
appropriate to use `report` here for the parent scope. However, in
`find_sort_values` which is called right after, the `report` scope is
always bound to this scope. So we only use grandchild scope to avoid
unnecessary operations.
Fixes #2069.
|
|
|
|
|
|
|
| |
Here `comm` could be a null pointer (the new test regress/2057 shows
such a case). So test it before dereferencing to avoid segfault.
Re: #2057
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure the path of file to include in `instance_t::include_directive`
is always an absolute path.
Previously when the journal file is given through stdin, we prepend a
"./" to the filename to include. However, in Boost >= 1.77,
`path::normalize` strips the leading "./" [1]. Our `resolve_path`
function calls `normalize` and thus now it returns "file" for "./file"
instead of the previous "./file".
This change causes a failing test regress/BF3C1F82-2 [2], and also
breaks the `include` directive for stdin input:
$ touch file-to-include
$ echo "include file-to-include" | ledger -f - reg
gives
While parsing file "", line 1:
Error: File to include was not found: "file-to-include"
Therefore, we change to prepend the `context.current_directory` to
make the filename absolute in this case as well. The test
regress/BF3C1F82-2 is also updated to match the new output.
Fixes #2075.
[1] https://github.com/boostorg/filesystem/commit/16bd89b7c0398d0dc5904148a865ef3fc3ece7ec
[2] https://github.com/ledger/ledger/issues/2075
|
|
|
|
| |
A better fix for this issue is needed, however.
|
|
|
|
|
|
|
|
| |
This makes it safe to compare results to -1 to indicate EOF,
regardless of whether char is considered signed or unsigned;
and so eliminates compiler warnings on platforms such as ARM.
Fixes bug #2058.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While the current formula works for positive numbers, negative numbers
are incorrectly represented.
One of the issues comes from the fact that floor(x) < x for every x.
`amount_t precision` will always be a non negative number and the code
that attempts to fix the issue for negative number will never run.
If we truncate the number instead, the current formula works for both
positive and negative numbers without making negative numbers a corner
case. So let's do that.
Signed-off-by: Rafael Ascensão <rafa.almas@gmail.com>
|
|
|
|
|
|
|
|
| |
Handle files that don't end with a new line. Throw an error when the buffer
size is exceeded.
Fixes #516
Contributes to #1149
|
|
|
|
|
| |
An amount may have a (single) leading minus sign, but none after that.
Bug #2001 (and #1809).
|
|
|
|
| |
Date format %F is not available on all platforms.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 501fbc08ae5493db77bb34f4c4fbe1f3a3bc14e3 changed the behavior
of this function to not return the "equal" result (==0) from the
recursive call. Previously, the function returned the result of the
recursive call unconditionally.
The current behavior causes an assertion error for certain
postings. The regression test added in this commit shows such a
posting.
I found through Travis CI that the old behavior was incomplete and
caused unstable orderings, so reverting to the old behavior doesn't
work. Instead, this change adds a fallback: If the recursive call that
compares the prices numerically returns "equal", then compare the
prices with their original commodity as a tie breaker.
This commit does not change any existing ordering, it only adds
deterministic ordering in a case that currently triggers an assertion
error.
This fixes issue #1998.
|
|
|
|
|
|
|
|
|
|
|
| |
Ledger is treating balance assignments that have a 0 diff as having
a null posting, leading to the posting being auto-balanced and
therefore causing incorrect values to be returned for the transaction.
I fixed this by just making the posting equal to amt - amt (0 in the
right commodity).
Fixes #1942
|
|
|
|
|
|
|
|
|
|
| |
Commit 557ab32 ("Expose a new utility function for balances:
sorted_amounts") split out some code into a separate function.
Unfortunately, in the process an "if" statement was dropped,
leading to amounts being shown that shouldn't be shown because
they are smaller than the display precision.
Fixes #1969
|
|
|
|
| |
Thanks to Feiko Nanninga for the test case.
|
| |
|
|
|
|
|
|
| |
Add tests for wrong behavior caused by commit 49b07a1c1948 ("Correction
to the way parens are parsed in query expressions") which was reverted
with commit 869302ae9ce3. The bug report was issue #1894.
|
|
|
|
|
|
|
|
| |
The directive `apply account` and similar directives (fixed, year...)
require an argument. Ensure that an argument is given.
Fixes #553
Fixes #1854
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Without these changes, whether an account's balance is virtual
or real is not considered when asserting it's balance. This lead
to situations where the user must consider their virtual postings
when attemping to assert the real balance of the account. See
test/regress/543_a.test for that testcase, taken from the original
issue. This commit also includes other, fringe, situations that I
noticed while working on the fix. It essentially just adds a separate
attribute to the account class(?) that hold's the account's "real"
balance, which is only updated when the user attempts an assertion on a
real account. The virtual account's balance is updated the way it always
was.
|
|
|
|
|
|
| |
This was changed to be specific to the author's local TZ in 139beba.
With the test TZ override fixed, revert this back to the value that is
correct across all environments (including travis).
|
|
|
|
|
|
|
|
|
|
|
| |
python3 has buffered output by default, hence testcase option_py
returned no output when executed under test harness. I think this is a
real problem in the way python interpreter is embeded, and i.e. stdout
is not flushed until after test case has died. However, running things
unbuffered seems to make everything work.
But for some reason I had to adjust 1057.test slightly. I have no idea
what those numbers mean, and if running things unbuffered break stuff.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I expect an output of `ledger print` to be consumable by ledger.
But on the next journal
```
2019/11/25 * test
Foo 1 AAPL {1.00 EUR} [2019/11/24]
Bar
```
it prints [19-Nov-24], which it does not understand with default
options.
With this patch it prints [2019/11/24].
|
|
|
|
|
|
|
|
|
| |
'%F' is equivalent to '%Y-%m-%d'. Using the '%F' format without this
change this would not give any hard errors but instead give dates with
wrong years because the 'has_year' trait would not be correctly
detected and thus parsed dates would get set to the current year.
Fixes #1775
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a tag is more than 2 characters from the beginning of the comment the
tag value offset will be wrong. #1702 gives an example where the tag
line starts with `;;` and the tag value thus becomes `: Bar` because of
this bug.
The use `index` in the offset calulation seems to be a lucky coincidence
that works in the common case: "; tag: value"
Fixes #1702
|
|
|
|
| |
Fixes #1753
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving an option that is
longer than the buffer that is used during option parsing because the
length of the input string is not checked.
Prevent the issue by always checking the input string length and
discarding options that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12481.
Thanks to Gwan Yeong Kim for reporting this issue.
Fixes #1222
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is possible to create a stack overflow by giving a date that is
longer than the buffer that is used during date parsing because the
length of the input string is not checked. The `VERIFY` macro is only
enabled when debug-mode is enabled and the `--verify-memory` argument is
used.
Prevent the issue by always checking the input string length and
discarding dates that does not fit in the buffer as invalid.
This issue has been assigned CVE-2017-12482.
Fixes #1224
|
|\
| |
| | |
Move garbage-input.dat to test case using it
|
| | |
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All-null transactions (i.e. a transaction where all postings have a null
amount) are discarded during parsing and the `xact` object is free'd.
But if the transaction contains a deferred posting this results in a
use-after-free vulnerability because a reference to the deferred posting
is stored in the account object which is later read when deferred
postings are applied after parsing is finished.
Ignore null deferred postings to prevent this – they should not have any
effect any way.
Thanks to Cory Duplantis for reporting this issue and providing an
initial analysis.
Ref TALOS-2017-0304, CVE-2017-2808
Fixes #1723
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Cory Duplantis reported that "A specially crafted journal file can
cause [an] integer underflow resulting in code execution". Cory
provided this test case:
Expenses:Food:Groceries $ 37.50 ; ] [=2004/01/01]
Note the ] that comes before [ after the ;.
This issue was reported and described in great detail by Cory Duplantis
of Cisco Talos. This issue is known as TALOS-2017-0303 and has been
assigned CVE-2017-2807. Cory's description can be found at
https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
Fixes #1722
|
|
|
|
|
| |
Add a test case for issue #1703 which John Wiegley fixed in commit
56025cde ("Don't attempt to invert a value if it's already zero").
|
| |
|