YourWishes/jerryscript
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix leaking char buffer in RegExp.prototype[@@replace] (#3400)

Browse Source 
Fixes #3392.

JerryScript-DCO-1.0-Signed-off-by: Dániel Bátyai dbatyai@inf.u-szeged.hu
This commit is contained in:
Dániel Bátyai
2019-12-03 09:34:54 +01:00
committed by Robert Fancsik
parent cc03c08c3d
commit 9634ca556e
2 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jerry-core/ecma/operations/ecma-regexp-object.c
+2 -1
View File
@@ -2220,11 +2220,12 @@ ecma_regexp_replace_helper (ecma_value_t this_arg, /**< this argument */
(lit_utf8_size_t) (string_end_p - source_position_p)); (lit_utf8_size_t) (string_end_p - source_position_p));
result = ecma_make_string_value (ecma_stringbuilder_finalize (&replace_ctx.builder)); result = ecma_make_string_value (ecma_stringbuilder_finalize (&replace_ctx.builder));
goto cleanup_results; goto cleanup_chars;
cleanup_builder: cleanup_builder:
ecma_stringbuilder_destroy (&replace_ctx.builder); ecma_stringbuilder_destroy (&replace_ctx.builder);
cleanup_chars:
if (string_flags & ECMA_STRING_FLAG_MUST_BE_FREED) if (string_flags & ECMA_STRING_FLAG_MUST_BE_FREED)
{ {
jmem_heap_free_block ((void *) replace_ctx.string_p, replace_ctx.string_size); jmem_heap_free_block ((void *) replace_ctx.string_p, replace_ctx.string_size);
tests/jerry/es2015/symbol-replace.js
+8
View File
@@ -660,3 +660,11 @@ try {
} catch (e) { } catch (e) {
assert (e === "abrupt @@replace") assert (e === "abrupt @@replace")
} }
class Regexplike2 {
exec() {
return {}
}
}
re = new Regexplike2();
assert (replace.call (re, "1") === "undefined");