Fix buffer overflow in 'new Function ()' (ecma_builtin_function_dispatch_construct).

JerryScript-DCO-1.0-Signed-off-by: Ruben Ayrapetyan r.ayrapetyan@samsung.com
Ruben Ayrapetyan
2015-09-07 20:54:20 +03:00
parent 5a09ff2d36
commit ed321da8c1
@@ -190,6 +190,8 @@ ecma_builtin_function_dispatch_construct (const ecma_value_t *arguments_list_p,
lit_utf8_size_t str_size = ecma_string_get_size (arguments_str_p); lit_utf8_size_t str_size = ecma_string_get_size (arguments_str_p);
strings_buffer_size = str_size; strings_buffer_size = str_size;
if (str_size != 0)
{
MEM_DEFINE_LOCAL_ARRAY (start_p, str_size, lit_utf8_byte_t); MEM_DEFINE_LOCAL_ARRAY (start_p, str_size, lit_utf8_byte_t);
ssize_t sz = ecma_string_to_utf8_string (arguments_str_p, start_p, (ssize_t) str_size); ssize_t sz = ecma_string_to_utf8_string (arguments_str_p, start_p, (ssize_t) str_size);
@@ -227,6 +229,7 @@ ecma_builtin_function_dispatch_construct (const ecma_value_t *arguments_list_p,
params_count++; params_count++;
MEM_FINALIZE_LOCAL_ARRAY (start_p); MEM_FINALIZE_LOCAL_ARRAY (start_p);
}
ECMA_TRY_CATCH (str_arg_value, ECMA_TRY_CATCH (str_arg_value,
ecma_op_to_string (arguments_list_p[arguments_list_len - 1]), ecma_op_to_string (arguments_list_p[arguments_list_len - 1]),
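Review bot: The new `if (str_size != 0)` guard in the first hunk carries no comment saying why an empty parameter string must bypass the local array, so the reason for the overflow fix survives only in the commit title. A short comment above the guard would keep a later refactor from dropping it, e.g. `/* Empty parameter string: no parameters to parse, so skip the zero-length local buffer. */`. The code between the two hunks that walks `start_p` is not visible here, so it is worth confirming that it stays bounded by `str_size` for non-empty input as well, and that the `sz` result of `ecma_string_to_utf8_string` is checked before the buffer is read. The body of `ecma_builtin_function_dispatch_construct` starts before and continues after these hunks.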