Closed Bug 227705 Opened 21 years ago Closed 21 years ago

Accessing *state->cpend in jsregexp.c

Categories

(Core :: JavaScript Engine, defect)

Product:
Core
Component:
JavaScript Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: igor, Unassigned)

Details

Attachments

(1 file)

Fix
1.53 KB, patch
brendan
: review+
Details | Diff | Splinter Review 
The lines 483-485 in jsregexp.c contain:

                if ((state->cp < state->cpend) && (*state->cp == '?')
                        && ( (state->cp[1] == '=')
                                || (state->cp[1] == '!')
                                || (state->cp[1] == ':') )) {

which would access a character at state->cpend for regexp like /(?/. AFAIK since
all char arrays are 0-terminated, it does not cause any problems, but it still I
guess violates recommended practice.

In addition the line 488 contains useless check against state->cpend which
always passes since the initial "if" guaranties that at that point (state->cp <
state->cpend)
Attached patch FixSplinter Review 

    
  

        Attachment #136972 -
        Flags: review?(brendan)

    
    

    
  
CC Brendan for review

    
    

    
  
Comment on attachment 136972 [details] [diff] [review]
Fix

I actually checked in a much bigger change that included a version of this fix.

/be

        Attachment #136972 -
        Flags: review?(brendan) → review+

    
    

    
  
.
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → FIXED

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: