Timestamp:
Jan 12, 2015, 5:04:37 PM (11 years ago)
Author:
[email protected]
Message:

Out of bounds read in IdentifierArena::makeIdentifier
https://bugs.webkit.org/show_bug.cgi?id=140376

Patch by Alexey Proskuryakov.

Reviewed and ChangeLogged by Geoffrey Garen.

No test, since this is a small past-the-end read, which is very
difficult to turn into a reproducible failing test -- and existing tests
crash reliably using ASan.

  • parser/ParserArena.h:

(JSC::IdentifierArena::makeIdentifier):
(JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
zero-length string input, like we do in the literal parser, since it is
not valid to dereference characters in a zero-length string.

A zero-length string is allowed in JavaScript -- for example, "".
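The guard the ChangeLog describes, shown as an added C++ example that is not WebKit's code: the class and method names echo the entry (IdentifierArena, makeIdentifier, makeIdentifierLCharFromUChar), but the storage, the single-character cache, its threshold value and the sample input are all simplified stand-ins assumed for illustration. The "before" method keeps the pattern the entry calls a past-the-end read (inspecting characters[0] before length is known); the "after" methods test length first and map the empty literal to the empty identifier.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_set>

// Added example, not WebKit's code. Names echo the ChangeLog entry; the data
// structures are simplified stand-ins.
typedef uint8_t LChar;   // 8-bit (Latin-1) code unit
typedef char16_t UChar;  // 16-bit (UTF-16) code unit

class IdentifierArena {
public:
    // Single-code-unit identifiers below this value are served from a small
    // per-arena cache (assumed fast path; the threshold is a placeholder).
    enum { MaximumCachableCharacter = 128 };

    // BEFORE: the pattern the ChangeLog describes. characters[0] is inspected
    // before length is checked, so a zero-length input reads one code unit
    // past the end of the caller's buffer. Kept for comparison only; never
    // call it with length == 0.
    std::u16string makeIdentifierUnchecked(const UChar* characters, size_t length) {
        if (characters[0] < MaximumCachableCharacter && length == 1)
            return cachedSingleCharacter(characters[0]);
        return intern(std::u16string(characters, length));
    }

    // AFTER: test length first. "" is a valid JavaScript string literal, so the
    // empty input maps to the empty identifier instead of touching characters[0].
    std::u16string makeIdentifier(const UChar* characters, size_t length) {
        if (length == 0)
            return intern(std::u16string());
        if (length == 1 && characters[0] < MaximumCachableCharacter)
            return cachedSingleCharacter(characters[0]);
        return intern(std::u16string(characters, length));
    }

    // Narrowing variant: the caller has already established that every code
    // unit fits in 8 bits. Same guard, same reason.
    std::string makeIdentifierLCharFromUChar(const UChar* characters, size_t length) {
        std::string narrow;
        if (length == 0)
            return narrow;
        narrow.reserve(length);
        for (size_t i = 0; i < length; ++i)
            narrow.push_back(static_cast<char>(static_cast<LChar>(characters[i])));
        return narrow;
    }

    size_t internedCount() const { return m_interned.size(); }

private:
    std::u16string cachedSingleCharacter(UChar c) {
        std::u16string& slot = m_singleCharacterCache[c];
        if (slot.empty())
            slot.assign(1, c);
        return slot;
    }

    // Dedupe by content so repeated identifiers share one entry.
    std::u16string intern(const std::u16string& s) {
        return *m_interned.insert(s).first;
    }

    std::unordered_set<std::u16string> m_interned;
    std::u16string m_singleCharacterCache[MaximumCachableCharacter];
};

int main() {
    IdentifierArena arena;
    const UChar source[] = u"foo";  // constructed sample input
    std::u16string empty = arena.makeIdentifier(source, 0);
    std::cout << "empty identifier length: " << empty.size() << "\n";
    std::cout << "narrowed: " << arena.makeIdentifierLCharFromUChar(source, 3) << "\n";
    return 0;
}
```

Running the unchecked variant with length 0 is undefined behaviour, which is exactly why the entry notes that ASan, rather than a deterministic test, is what catches it; the checked variants give the empty identifier and never touch the buffer.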

File:
1 edited

  • trunk/Source/JavaScriptCore/ChangeLog

    r178310 r178311  
     12015-01-12  Geoffrey Garen  <[email protected]>
     2
     3        Out of bounds read in IdentifierArena::makeIdentifier
     4        https://bugs.webkit.org/show_bug.cgi?id=140376
     5
     6        Patch by Alexey Proskuryakov.
     7
     8        Reviewed and ChangeLogged by Geoffrey Garen.
     9
     10        No test, since this is a small past-the-end read, which is very
     11        difficult to turn into a reproducible failing test -- and existing tests
     12        crash reliably using ASan.
     13
     14        * parser/ParserArena.h:
     15        (JSC::IdentifierArena::makeIdentifier):
     16        (JSC::IdentifierArena::makeIdentifierLCharFromUChar): Check for a
     17        zero-length string input, like we do in the literal parser, since it is
     18        not valid to dereference characters in a zero-length string.
     19
     20        A zero-length string is allowed in JavaScript -- for example, "".
     21
    1222015-01-11  Sam Weinig  <[email protected]>
    223
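Review bot: this revision edits only trunk/Source/JavaScriptCore/ChangeLog ("File: 1 edited"), yet the entry describes a change to parser/ParserArena.h (the zero-length check in makeIdentifier and makeIdentifierLCharFromUChar) that is not in this diff; confirm the code change landed in a companion revision and name that revision in the entry so the ChangeLog and the fix can be matched up. It would also help to state what the guarded paths return for zero-length input (the empty identifier, given that "" is valid JavaScript), since the entry says only that dereferencing is avoided.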