YourWishes/jerryscript
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

replace_str_curr_p must be inspected before dereferencing (#1926)

Browse Source 
Fixes #1917.

JerryScript-DCO-1.0-Signed-off-by: Robert Fancsik frobert@inf.u-szeged.hu
This commit is contained in:
rerobika
2017-07-20 10:26:51 +02:00
committed by Zoltan Herczeg
parent ce1d555288
commit d75710cf27
2 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.c
+9 -6
View File
@@ -909,14 +909,17 @@ ecma_builtin_string_prototype_object_replace_get_string (ecma_builtin_replace_se
{
replace_str_curr_p++;
ecma_char_t next_character = *replace_str_curr_p;
if (next_character >= LIT_CHAR_0 && next_character <= LIT_CHAR_9)
if (replace_str_curr_p < replace_str_end_p)
{
uint32_t full_index = index * 10 + (uint32_t) (next_character - LIT_CHAR_0);
if (full_index > 0 && full_index < match_length)
ecma_char_t next_character = *replace_str_curr_p;
if (next_character >= LIT_CHAR_0 && next_character <= LIT_CHAR_9)
{
index = match_length;
uint32_t full_index = index * 10 + (uint32_t) (next_character - LIT_CHAR_0);
if (full_index > 0 && full_index < match_length)
{
index = match_length;
}
}
}