Bug 287074

Summary:	Prevent Yarr::Interpreter's evaluation stack from growing unboundedly.
Product:	WebKit	Reporter:	Mark Lam <mark.lam>
Component:	New Bugs	Assignee:	Mark Lam <mark.lam>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Mark Lam

Reported 2025-02-05 00:04:30 PST

Currently, Yarr::Interpreter's evaluation stack (see BytecodePattern::m_allocator) is allowed to grow unboundedly until we exhaust all memory. We should bound it instead to a max capacity limit. rdar://143786123

Attachments
Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2025-02-05 00:32:14 PST

Pull request: https://github.com/WebKit/WebKit/pull/40041

EWS

Comment 2 2025-02-10 21:07:49 PST

Committed 290198@main (424c8d883269): <https://commits.webkit.org/290198@main> Reviewed commits have been landed. Closing PR #40041 and removing active labels.

EWS

Comment 3 2025-02-21 15:25:21 PST

Committed 289651.151@safari-7621-branch (09c3b6c3bac8): <https://commits.webkit.org/289651.151@safari-7621-branch> Reviewed commits have been landed. Closing PR #2648 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.