125929 – Crash through integer overflow when regexp quantifiers exceed INT_MAX

NEW125929

Crash through integer overflow when regexp quantifiers exceed INT_MAX

https://bugs.webkit.org/show_bug.cgi?id=125929

Summary Crash through integer overflow when regexp quantifiers exceed INT_MAX

Till Schneidereit

Reported 2013-12-18 09:42:29 PST

The testcase in [1] crashes JSC and Safari. We fixed this in the SpiderMonkey import of Yarr by clamping quantifiers to INT_MAX. [1]: https://bugzilla.mozilla.org/show_bug.cgi?id=872971#c4

Attachments
Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component JavaScriptCore

Assignee

Nobody

Reported

2013-12-18 09:42 PST

Modified

2013-12-18 09:42 PST History

CC List

0 users

URL

Keywords

Depends on

Blocks