Closed Bug 227705 Opened 21 years ago Closed 21 years ago

Accessing *state->cpend in jsregexp.c

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: igor, Unassigned)

Details

Attachments

(1 file)

Fix 21 years ago Igor Bukanov 1.53 KB, patch	brendan : review+	Details \| Diff \| Splinter Review

Igor Bukanov

Reporter

Description

•

21 years ago

The lines 483-485 in jsregexp.c contain: if ((state->cp < state->cpend) && (*state->cp == '?') && ( (state->cp[1] == '=') || (state->cp[1] == '!') || (state->cp[1] == ':') )) { which would access a character at state->cpend for regexp like /(?/. AFAIK since all char arrays are 0-terminated, it does not cause any problems, but it still I guess violates recommended practice. In addition the line 488 contains useless check against state->cpend which always passes since the initial "if" guaranties that at that point (state->cp < state->cpend)

Igor Bukanov

Reporter

Comment 1

•

21 years ago

Attached patch Fix — Details — Splinter Review

Igor Bukanov

Reporter

Updated

•

21 years ago

Attachment #136972 - Flags: review?(brendan)

Igor Bukanov

Reporter

Comment 2

•

21 years ago

CC Brendan for review

Brendan Eich [:brendan]

Comment 3

•

21 years ago

Comment on attachment 136972 [details] [diff] [review] Fix I actually checked in a much bigger change that included a version of this fix. /be

Attachment #136972 - Flags: review?(brendan) → review+

Brendan Eich [:brendan]

Comment 4

•

21 years ago

Status: NEW → RESOLVED

Closed: 21 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Accessing *state->cpend in jsregexp.c

Categories

(Core :: JavaScript Engine, defect)

Tracking

()

People

(Reporter: igor, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Updated

Comment 2

Comment 3

Comment 4

Attachment

General

Description

File Name

Content Type