[webkit-reviews] review granted: [Bug 16127] Reproducible crash
inside PCRE under guard malloc : [Attachment 17604] Check
against patternEnd to make sure we don't walk off the end of
the string
bugzilla-daemon at webkit.org
Fri Nov 30 09:30:03 PST 2007
Darin Adler <darin at apple.com> has granted Eric Seidel <eric at webkit.org>'s
request for review:
Bug 16127: Reproducible crash inside PCRE under guard malloc
http://bugs.webkit.org/show_bug.cgi?id=16127
Attachment 17604: Check against patternEnd to make sure we don't walk off the
end of the string
http://bugs.webkit.org/attachment.cgi?id=17604&action=edit
------- Additional Comments from Darin Adler <darin at apple.com>
This is not the correct way to write tests in fast/js -- the actual test should
be in a resources file, and the wrapper generated by the make-js-test-wrappers
script. With that structure we can possibly run them standalone in the future.
+ while ((++ptr < patternEnd) && ((c = *ptr) != ']')) {
if (c > 127)
c = getCharAndAdvanceIfSurrogate(ptr);
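Review bot: On the `+` line the loop can now end in two different ways, either `c == ']'` or `ptr == patternEnd`, and in the second case `c` still holds the character from the previous iteration. Whatever follows this loop should check `ptr == patternEnd` before reading `*ptr` or relying on `c`, and treat the missing `]` as an error there. A short comment on the loop saying that `patternEnd` is one past the last valid character would also make the `<` comparison easier to verify.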
This still has a "run off the end" problem, because
getCharAndAdvanceIfSurrogate doesn't check the end. But that problem will go
away if we merge my change to remove support for UTF-16 surrogate pairs,
currently up for review.
I'm a little bit opposed to this code using parentheses around the patternEnd
conditions, when all the other similar code in the same file omits parens in
cases like these.
r=me, but better to improve the tests.