YourWishes/jerryscript
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Correct Regexp literal error release (#4351)

Browse Source 
The error object for an incorrect Regexp literal was derefed then the error message
was accessed. This could lead to a state where the message was not available but
it was still accessed.

This could occur in case of heavy memory load or with mem stress mode.

JerryScript-DCO-1.0-Signed-off-by: Peter Gal pgal.usz@partner.samsung.com
This commit is contained in:
Péter Gál
2020-12-01 11:28:04 +01:00
committed by GitHub
parent 8eda7cb7d8
commit 5bd88e2723
1 changed files with 3 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jerry-core/parser/js/js-lexer.c
+3 -1
View File
@@ -3109,7 +3109,6 @@ lexer_construct_regexp_object (parser_context_t *context_p, /**< context */
ecma_value_t error = jcontext_take_exception (); ecma_value_t error = jcontext_take_exception ();
ecma_property_t *prop_p = ecma_find_named_property (ecma_get_object_from_value (error), ecma_property_t *prop_p = ecma_find_named_property (ecma_get_object_from_value (error),
ecma_get_magic_string (LIT_MAGIC_STRING_MESSAGE)); ecma_get_magic_string (LIT_MAGIC_STRING_MESSAGE));
ecma_free_value (error);
const char default_msg[] = "Invalid regular expression"; const char default_msg[] = "Invalid regular expression";
lit_utf8_byte_t *buffer_p = (lit_utf8_byte_t *) default_msg; lit_utf8_byte_t *buffer_p = (lit_utf8_byte_t *) default_msg;
lit_utf8_size_t size = sizeof (buffer_p) - 1; lit_utf8_size_t size = sizeof (buffer_p) - 1;
@@ -3127,6 +3126,7 @@ lexer_construct_regexp_object (parser_context_t *context_p, /**< context */
if (literal_index != PARSER_INVALID_LITERAL_INDEX) if (literal_index != PARSER_INVALID_LITERAL_INDEX)
{ {
ecma_free_value (error);
context_p->lit_object.literal_p = literal_p; context_p->lit_object.literal_p = literal_p;
context_p->lit_object.index = literal_index; context_p->lit_object.index = literal_index;
return; return;
@@ -3137,6 +3137,8 @@ lexer_construct_regexp_object (parser_context_t *context_p, /**< context */
memcpy ((uint8_t *) literal_p->u.char_p, buffer_p, size); memcpy ((uint8_t *) literal_p->u.char_p, buffer_p, size);
literal_type = LEXER_STRING_LITERAL; literal_type = LEXER_STRING_LITERAL;
length = size; length = size;
ecma_free_value (error);
#else /* !ENABLED (JERRY_ESNEXT) */ #else /* !ENABLED (JERRY_ESNEXT) */
parser_raise_error (context_p, PARSER_ERR_INVALID_REGEXP); parser_raise_error (context_p, PARSER_ERR_INVALID_REGEXP);
#endif /* ENABLED (JERRY_ESNEXT) */ #endif /* ENABLED (JERRY_ESNEXT) */