Bug 872971 - Clamp regexp quantifiers to INT_MAX. r=jandem

Till Schneidereit 2013-12-18 16:45:26 +01:00
parent bb2550d1e4
commit b118028370
2 changed files with 16 additions and 0 deletions


@ -10,3 +10,8 @@ reportCompare(["a", ""].toSource(), toSource(/((?:.)*?)a/.exec("a")));
reportCompare(["a", ""].toSource(), toSource(/a((?:.)*)/.exec("a")));
reportCompare(["B", "B"].toSource(), toSource(/([A-Z])/.exec("fooBar")));
// These just mustn't crash. See bug 872971
reportCompare(/x{2147483648}x/.test('1'), false);
reportCompare(/x{2147483648,}x/.test('1'), false);
reportCompare(/x{2147483647,2147483648}x/.test('1'), false);
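Review bot: All three new cases use 2147483648 (INT_MAX + 1), so they exercise the clamp boundary but never a count too large for `unsigned`, which would go through `consumeNumber`'s own failure path instead of the new clamp. A case such as `reportCompare(/x{4294967296}x/.test('1'), false);` would cover that path as well. A case with reversed bounds that are both above INT_MAX, for example `{2147483649,2147483648}`, is also missing. Its expected result depends on how the parser orders the clamp and any range check, which this page does not show, so the expectation needs confirming against the parser.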


@ -612,12 +612,23 @@ private:
unsigned min;
if (!consumeNumber(min))
break;
// Clamping to INT_MAX is technically a spec deviation. In practice, it's
// undetectable, because we can't even allocate strings large enough for
// quantifiers this large to ever create different results than smaller ones.
if (min > INT_MAX)
min = INT_MAX;
unsigned max = min;
if (tryConsume(',')) {
if (peekIsDigit()) {
if (!consumeNumber(max))
break;
// Clamping to INT_MAX is technically a spec deviation. In practice,
// it's undetectable, because we can't even allocate strings large
// enough for quantifiers this large to ever create different results
// than smaller ones.
if (max > INT_MAX)
max = INT_MAX;
} else {
max = quantifyInfinite;
}
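Review bot: Clamping `min` and `max` independently means a quantifier with reversed bounds that are both above INT_MAX, such as `{2147483649,2147483648}`, ends up with `min == max`. Any later min-greater-than-max rejection would then not fire, which would be a script-visible deviation, contrary to what the comment claims. That check, if present, lies outside this hunk, so this needs confirming; comparing the parsed values before clamping would avoid the problem. The comment also explains why the clamp is harmless but not why it is needed, so a line such as `// Later stages treat repeat counts as signed int; see bug 872971.` would help if that is indeed the reason. The clamp and its four-line comment are duplicated for `min` and `max` and could be folded into one small helper.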