WebKit Bugzilla
New
Browse
Search+
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
NEW
125929
Crash through integer overflow when regexp quantifiers exceed INT_MAX
https://bugs.webkit.org/show_bug.cgi?id=125929
Summary
Crash through integer overflow when regexp quantifiers exceed INT_MAX
Till Schneidereit
Reported
2013-12-18 09:42:29 PST
The testcase in [1] crashes JSC and Safari. We fixed this in the SpiderMonkey import of Yarr by clamping quantifiers to INT_MAX. [1]:
https://bugzilla.mozilla.org/show_bug.cgi?id=872971#c4
Attachments
Add attachment
proposed patch, testcase, etc.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug