YourWishes/jerryscript
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

heap-buffer-overflow in ecma_date_parse_year (#3404)

Browse Source 
If ecma_date_parse_year got an invalid date string, it could overread the input string.
The problem was that we compared the original str_p to str_end_p instead of str_start_p.
Additionally I simplified the parser loop.

Fixes #3388.

JerryScript-DCO-1.0-Signed-off-by: Csaba Osztrogonác oszi@inf.u-szeged.hu
This commit is contained in:
Csaba Osztrogonác
2019-12-03 13:42:39 +01:00
committed by Robert Fancsik
parent 31988877b2
commit d31871d7c9
2 changed files with 3 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
tests/jerry/date-parse.js
+2 -1
View File
@@ -70,7 +70,8 @@ var wrongFormats = ["",
"Fri Jan 01 -1 00:00:00 GMT+0000",
"Fri Jan 01 -11 00:00:00 GMT+0000",
"Fri Jan 01 -111 00:00:00 GMT+0000",
"Fri Jan 01 -1234567 00:00:00 GMT+0000"];
"Fri Jan 01 -1234567 00:00:00 GMT+0000",
"Thu Apr 10 1997"];
for (i in wrongFormats) {
var d = Date.parse(wrongFormats[i]);