[Webkit-unassigned] [Bug 16127] Reproducible crash inside PCRE under guard malloc

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Nov 30 05:55:42 PST 2007


http://bugs.webkit.org/show_bug.cgi?id=16127


eric at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #17604|                            |review?
               Flag|                            |




------- Comment #7 from eric at webkit.org  2007-11-30 05:55 PDT -------
Created an attachment (id=17604)
 --> (http://bugs.webkit.org/attachment.cgi?id=17604&action=view)
Check against patternEnd to make sure we don't walk of the end of the string

 JavaScriptCore/ChangeLog                           |   12 +++++
 JavaScriptCore/pcre/pcre_compile.cpp               |   47 ++++++++++----------
 LayoutTests/ChangeLog                              |   10 ++++
 .../fast/js/regexp-compile-crash-expected.txt      |   11 +++++
 LayoutTests/fast/js/regexp-compile-crash.html      |   22 +++++++++
 5 files changed, 78 insertions(+), 24 deletions(-)


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list