153964 2016-02-07 10:16:13 -0800 String.match should defend against matches that would crash the VM 2016-02-07 11:03:56 -0800 1 1 1 Unclassified WebKit JavaScriptCore WebKit Nightly Build All All RESOLVED FIXED P2 Normal --- 1 fpizlo fpizlo commit-queue keith_miller mark.lam msaboff oliver saam oldest_to_newest 1162751 0 fpizlo 2016-02-07 10:16:13 -0800 Patch forthcoming. 1162753 1 270825 fpizlo 2016-02-07 10:21:04 -0800 Created attachment 270825 the patch 1162757 2 270825 saam 2016-02-07 10:48:21 -0800 Comment on attachment 270825 the patch View in context: https://bugs.webkit.org/attachment.cgi?id=270825&action=review LGTM > Source/JavaScriptCore/runtime/StringPrototype.cpp:1000 > + size_t maximumReasonableMatchSize = 1000000000; You could make this const. 1162758 3 fpizlo 2016-02-07 11:01:47 -0800 (In reply to comment #2) > Comment on attachment 270825 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=270825&action=review > > LGTM > > > Source/JavaScriptCore/runtime/StringPrototype.cpp:1000 > > + size_t maximumReasonableMatchSize = 1000000000; > > You could make this const. OK! 1162759 4 fpizlo 2016-02-07 11:03:56 -0800 Landed in http://trac.webkit.org/changeset/196240 270825 2016-02-07 10:21:04 -0800 2016-02-07 10:48:21 -0800 the patch blah.patch text/plain 4801 fpizlo SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTk2MjM4KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDMyIEBA CisyMDE2LTAyLTA3ICBGaWxpcCBQaXpsbyAgPGZwaXpsb0BhcHBsZS5jb20+CisKKyAgICAgICAg U3RyaW5nLm1hdGNoIHNob3VsZCBkZWZlbmQgYWdhaW5zdCBtYXRjaGVzIHRoYXQgd291bGQgY3Jh c2ggdGhlIFZNCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xNTM5NjQKKyAgICAgICAgcmRhcjovL3Byb2JsZW0vMjQzMDExMTkKKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBUaGlzIGZpeGVzIGEgY3Jhc2ggaW4g YW4gaW50ZXJuYWwgdGVzdCBjYXNlLgorCisgICAgICAgICogcnVudGltZS9BcmdMaXN0LmNwcDoK KyAgICAgICAgKEpTQzo6TWFya2VkQXJndW1lbnRCdWZmZXI6OnNsb3dBcHBlbmQpOiBVc2UgYmVz dCBwcmFjdGljZXMgdG8gZW5zdXJlIHRoYXQgdGhlIHNpemUgd2UKKyAgICAgICAgICAgIGNvbXB1 dGUgbWFrZXMgc2Vuc2UuIENyYXNoIGlmIGl0IHN0b3BzIG1ha2luZyBzZW5zZSwgc2luY2UgbW9z dCB1c2VycyBvZiB0aGlzIEFQSSBhc3N1bWUKKyAgICAgICAgICAgIHRoYXQgdGhleSBhcmUgY3Jl YXRpbmcgc29tZXRoaW5nIHNtYWxsIGVub3VnaCB0byBmaXQgb24gdGhlIHN0YWNrLgorICAgICAg ICAqIHJ1bnRpbWUvQXJnTGlzdC5oOgorICAgICAgICAoSlNDOjpNYXJrZWRBcmd1bWVudEJ1ZmZl cjo6fk1hcmtlZEFyZ3VtZW50QnVmZmVyKToKKyAgICAgICAgKEpTQzo6TWFya2VkQXJndW1lbnRC dWZmZXI6OnNpemUpOgorICAgICAgICAoSlNDOjpNYXJrZWRBcmd1bWVudEJ1ZmZlcjo6b3BlcmF0 b3IgbmV3KTogRGVsZXRlZC4gVGhlc2Ugd2VyZSBpbmVmZmVjdGl2ZS4gQWNjb3JkaW5nIHRvIHRo ZQorICAgICAgICAgICAgZGVidWdnZXIsIHdlIHdlcmUgc3RpbGwgY2FsbGluZyBzeXN0ZW0gbWFs bG9jLiBTbywgSSBjaGFuZ2VkIHRoZSBjb2RlIHRvIHVzZSBmYXN0TWFsbG9jKCkKKyAgICAgICAg ICAgIGRpcmVjdGx5LgorICAgICAgICAoSlNDOjpNYXJrZWRBcmd1bWVudEJ1ZmZlcjo6b3BlcmF0 b3IgZGVsZXRlKTogRGVsZXRlZC4KKyAgICAgICAgKiBydW50aW1lL1N0cmluZ1Byb3RvdHlwZS5j cHA6CisgICAgICAgIChKU0M6OnN0cmluZ1Byb3RvRnVuY01hdGNoKTogRXhwbGljaXRseSBkZWZl bmQgYWdhaW5zdCBhYnN1cmQgc2l6ZXMuIE9mIGNvdXJzZSwgaXQncyBzdGlsbAorICAgICAgICAg ICAgcG9zc2libGUgdG8gY3Jhc2ggdGhlIFZNIG9uIE9PTUUuIFRoYXQncyBzb3J0IG9mIGFsd2F5 cyBiZWVuIHRoZSBwaGlsb3NvcGh5IG9mIEpTQyAtIHdlCisgICAgICAgICAgICBkb24ndCBndWFy YW50ZWUgdGhhdCB5b3UnbGwgZ2V0IGEgbmljZS1sb29raW5nIGVycm9yIHdoZW5ldmVyIHlvdSBy dW4gb3V0IG9mIG1lbW9yeSwKKyAgICAgICAgICAgIHNpbmNlIGluIGEgR0MnZCBlbnZpcm9ubWVu dCB5b3UgY2FuJ3QgcmVhbGx5IGd1YXJhbnRlZSB0aG9zZSB0aGluZ3MuIEJ1dCwgaWYgeW91IGhh dmUgYQorICAgICAgICAgICAgbWF0Y2ggdGhhdCBvYnZpb3VzIHdvbid0IGZpdCBpbiBtZW1vcnks IHRoZW4gcmVwb3J0aW5nIGFuIGVycm9yIGlzIHVzZWZ1bCBpbiBjYXNlIHRoaXMgaXMKKyAgICAg ICAgICAgIGEgZGV2ZWxvcGVyIGV4cGVyaW1lbnRpbmcgd2l0aCBhIGJ1Z2d5IHJlZ2V4cC4KKwog MjAxNi0wMi0wNiAgRmlsaXAgUGl6bG8gIDxmcGl6bG9AYXBwbGUuY29tPgogCiAgICAgICAgIEZU TCBtdXN0IHN0b3JlIHRoZSBjYWxsIHNpdGUgaW5kZXggYmVmb3JlIHJ1bnRpbWUgY2FsbHMsIGV2 ZW4gaWYgaXQncyB0aGUgdGFpbCBjYWxsIHNsb3cgcGF0aApJbmRleDogU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvQXJnTGlzdC5jcHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3Jp cHRDb3JlL3J1bnRpbWUvQXJnTGlzdC5jcHAJKHJldmlzaW9uIDE5NjIzMSkKKysrIFNvdXJjZS9K YXZhU2NyaXB0Q29yZS9ydW50aW1lL0FyZ0xpc3QuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC01Mywx MyArNTMsMTQgQEAgdm9pZCBNYXJrZWRBcmd1bWVudEJ1ZmZlcjo6bWFya0xpc3RzKEhlYQogCiB2 b2lkIE1hcmtlZEFyZ3VtZW50QnVmZmVyOjpzbG93QXBwZW5kKEpTVmFsdWUgdikKIHsKLSAgICBp bnQgbmV3Q2FwYWNpdHkgPSBtX2NhcGFjaXR5ICogNDsKLSAgICBFbmNvZGVkSlNWYWx1ZSogbmV3 QnVmZmVyID0gbmV3IEVuY29kZWRKU1ZhbHVlW25ld0NhcGFjaXR5XTsKKyAgICBpbnQgbmV3Q2Fw YWNpdHkgPSAoQ2hlY2tlZDxpbnQ+KG1fY2FwYWNpdHkpICogMikudW5zYWZlR2V0KCk7CisgICAg c2l6ZV90IHNpemUgPSAoQ2hlY2tlZDxzaXplX3Q+KG5ld0NhcGFjaXR5KSAqIHNpemVvZihFbmNv ZGVkSlNWYWx1ZSkpLnVuc2FmZUdldCgpOworICAgIEVuY29kZWRKU1ZhbHVlKiBuZXdCdWZmZXIg PSBzdGF0aWNfY2FzdDxFbmNvZGVkSlNWYWx1ZSo+KGZhc3RNYWxsb2Moc2l6ZSkpOwogICAgIGZv ciAoaW50IGkgPSAwOyBpIDwgbV9jYXBhY2l0eTsgKytpKQogICAgICAgICBuZXdCdWZmZXJbaV0g PSBtX2J1ZmZlcltpXTsKIAogICAgIGlmIChFbmNvZGVkSlNWYWx1ZSogYmFzZSA9IG1hbGxvY0Jh c2UoKSkKLSAgICAgICAgZGVsZXRlIFtdIGJhc2U7CisgICAgICAgIGZhc3RGcmVlKGJhc2UpOwog CiAgICAgbV9idWZmZXIgPSBuZXdCdWZmZXI7CiAgICAgbV9jYXBhY2l0eSA9IG5ld0NhcGFjaXR5 OwpJbmRleDogU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvQXJnTGlzdC5oCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9ydW50aW1lL0FyZ0xpc3QuaAkocmV2aXNpb24g MTk2MjMxKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvQXJnTGlzdC5oCSh3b3Jr aW5nIGNvcHkpCkBAIC01Nyw3ICs1Nyw3IEBAIHB1YmxpYzoKICAgICAgICAgICAgIG1fbWFya1Nl dC0+cmVtb3ZlKHRoaXMpOwogCiAgICAgICAgIGlmIChFbmNvZGVkSlNWYWx1ZSogYmFzZSA9IG1h bGxvY0Jhc2UoKSkKLSAgICAgICAgICAgIGRlbGV0ZSBbXSBiYXNlOworICAgICAgICAgICAgZmFz dEZyZWUoYmFzZSk7CiAgICAgfQogCiAgICAgc2l6ZV90IHNpemUoKSBjb25zdCB7IHJldHVybiBt X3NpemU7IH0KQEAgLTExOSwyMyArMTE5LDYgQEAgcHJpdmF0ZToKICAgICBFbmNvZGVkSlNWYWx1 ZSBtX2lubGluZUJ1ZmZlcltpbmxpbmVDYXBhY2l0eV07CiAgICAgRW5jb2RlZEpTVmFsdWUqIG1f YnVmZmVyOwogICAgIExpc3RTZXQqIG1fbWFya1NldDsKLQotcHJpdmF0ZToKLSAgICAvLyBQcm9o aWJpdHMgbmV3IC8gZGVsZXRlLCB3aGljaCB3b3VsZCBicmVhayBHQy4KLSAgICB2b2lkKiBvcGVy YXRvciBuZXcoc2l6ZV90IHNpemUpCi0gICAgewotICAgICAgICByZXR1cm4gZmFzdE1hbGxvYyhz aXplKTsKLSAgICB9Ci0gICAgdm9pZCBvcGVyYXRvciBkZWxldGUodm9pZCogcCkKLSAgICB7Ci0g ICAgICAgIGZhc3RGcmVlKHApOwotICAgIH0KLQotICAgIHZvaWQqIG9wZXJhdG9yIG5ld1tdKHNp emVfdCk7Ci0gICAgdm9pZCBvcGVyYXRvciBkZWxldGVbXSh2b2lkKik7Ci0KLSAgICB2b2lkKiBv cGVyYXRvciBuZXcoc2l6ZV90LCB2b2lkKik7Ci0gICAgdm9pZCBvcGVyYXRvciBkZWxldGUodm9p ZCosIHNpemVfdCk7CiB9OwogCiBjbGFzcyBBcmdMaXN0IHsKSW5kZXg6IFNvdXJjZS9KYXZhU2Ny aXB0Q29yZS9ydW50aW1lL1N0cmluZ1Byb3RvdHlwZS5jcHAKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNl L0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvU3RyaW5nUHJvdG90eXBlLmNwcAkocmV2aXNpb24gMTk2 MjMxKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1bnRpbWUvU3RyaW5nUHJvdG90eXBlLmNw cAkod29ya2luZyBjb3B5KQpAQCAtOTk2LDYgKzk5NiwxMyBAQCBFbmNvZGVkSlNWYWx1ZSBKU0Nf SE9TVF9DQUxMIHN0cmluZ1Byb3RvCiAgICAgLy8gcmV0dXJuIGFycmF5IG9mIG1hdGNoZXMKICAg ICBNYXJrZWRBcmd1bWVudEJ1ZmZlciBsaXN0OwogICAgIHdoaWxlIChyZXN1bHQpIHsKKyAgICAg ICAgLy8gV2UgZGVmZW5kIG91cnNlbHZlcyBmcm9tIGNyYXp5LgorICAgICAgICBzaXplX3QgbWF4 aW11bVJlYXNvbmFibGVNYXRjaFNpemUgPSAxMDAwMDAwMDAwOworICAgICAgICBpZiAobGlzdC5z aXplKCkgPiBtYXhpbXVtUmVhc29uYWJsZU1hdGNoU2l6ZSkgeworICAgICAgICAgICAgdGhyb3dP dXRPZk1lbW9yeUVycm9yKGV4ZWMpOworICAgICAgICAgICAgcmV0dXJuIEpTVmFsdWU6OmVuY29k ZShqc1VuZGVmaW5lZCgpKTsKKyAgICAgICAgfQorICAgICAgICAKICAgICAgICAgc2l6ZV90IGVu ZCA9IHJlc3VsdC5lbmQ7CiAgICAgICAgIHNpemVfdCBsZW5ndGggPSBlbmQgLSByZXN1bHQuc3Rh cnQ7CiAgICAgICAgIGxpc3QuYXBwZW5kKGpzU3Vic3RyaW5nKGV4ZWMsIHMsIHJlc3VsdC5zdGFy dCwgbGVuZ3RoKSk7Cg==