DoneJS/quickjs-done-nextgen
1
0
Fork 0
mirror of https://github.com/DoneJS-Runtime/quickjs-done-nextgen.git synced 2025-01-09 17:43:15 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix crash in deserializer on bad regexp

Browse source
This commit is contained in:
Ben Noordhuis 2024-10-17 20:39:43 +02:00
parent 7be9d99d15
commit 966dbfc1f9
2 changed files with 7 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
quickjs.c
View file

@ -35361,7 +35361,12 @@ static JSValue JS_ReadRegExp(BCReaderState *s)
return JS_EXCEPTION; return JS_EXCEPTION;
} }
assert(!bc->is_wide_char); if (bc->is_wide_char) {
js_free_string(ctx->rt, pattern);
js_free_string(ctx->rt, bc);
return JS_ThrowInternalError(ctx, "bad regexp bytecode");
}
if (is_be()) if (is_be())
lre_byte_swap(bc->u.str8, bc->len, /*is_byte_swapped*/TRUE); lre_byte_swap(bc->u.str8, bc->len, /*is_byte_swapped*/TRUE);

1
tests/test_bjson.js
View file

@ -232,6 +232,7 @@ function bjson_test_fuzz()
var corpus = [ var corpus = [
"EBAAAAAABGA=", "EBAAAAAABGA=",
"EObm5oIt", "EObm5oIt",
"EAARABMGBgYGBgYGBgYGBv////8QABEALxH/vy8R/78=",
]; ];
for (var input of corpus) { for (var input of corpus) {
var buf = base64decode(input); var buf = base64decode(input);