github_mirrors/quickjs
3
0
Fork 1
mirror of https://github.com/bellard/quickjs.git synced 2025-12-31 05:39:10 +03:00
Code Issues Packages Projects Releases Wiki Activity

removed buffer overflows introduced in regexp optimizations

Browse Source
This commit is contained in:
Fabrice Bellard
2025-11-22 12:10:55 +01:00
parent 728ed94889
commit a77400796d
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libregexp.c
View File

@@ -2737,7 +2737,7 @@ static intptr_t lre_exec_backtrack(REExecContext *s, uint8_t **capture,
if (idx2 >= 0) if (idx2 >= 0)
capture[idx2] = sp[-1].ptr; capture[idx2] = sp[-1].ptr;
else else
aux_stack[-idx2 + 1] = sp[-1].ptr; aux_stack[-idx2 - 1] = sp[-1].ptr;
sp -= 2; sp -= 2;
} }
@@ -2794,7 +2794,7 @@ static intptr_t lre_exec_backtrack(REExecContext *s, uint8_t **capture,
if (idx2 >= 0) if (idx2 >= 0)
capture[idx2] = sp[-1].ptr; capture[idx2] = sp[-1].ptr;
else else
aux_stack[-idx2 + 1] = sp[-1].ptr; aux_stack[-idx2 - 1] = sp[-1].ptr;
sp -= 2; sp -= 2;
} }
pc = sp[-3].ptr; pc = sp[-3].ptr;

2
quickjs.c
View File

@@ -18022,7 +18022,7 @@ static JSValue JS_CallInternal(JSContext *caller_ctx, JSValueConst func_obj,
{ {
sp[-2] = JS_NewRegexp(ctx, sp[-2], sp[-1]); sp[-2] = JS_NewRegexp(ctx, sp[-2], sp[-1]);
sp--; sp--;
if (JS_IsException(sp[-2])) if (JS_IsException(sp[-1]))
goto exception; goto exception;
} }
BREAK; BREAK;