RESOLVED FIXED 153964
String.match should defend against matches that would crash the VM 
https://bugs.webkit.org/show_bug.cgi?id=153964
Summary String.match should defend against matches that would crash the VM
Filip Pizlo
Reported 2016-02-07 10:16:13 PST
Patch forthcoming.
Attachments
the patch (4.69 KB, patch)
2016-02-07 10:21 PST, Filip Pizlo 		saam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Filip Pizlo
Comment 1 2016-02-07 10:21:04 PST
Created attachment 270825 [details] the patch
Saam Barati
Comment 2 2016-02-07 10:48:21 PST
Comment on attachment 270825 [details] the patch View in context: https://bugs.webkit.org/attachment.cgi?id=270825&action=review LGTM > Source/JavaScriptCore/runtime/StringPrototype.cpp:1000 > + size_t maximumReasonableMatchSize = 1000000000; You could make this const.
Filip Pizlo
Comment 3 2016-02-07 11:01:47 PST
(In reply to comment #2) > Comment on attachment 270825 [details] > the patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=270825&action=review > > LGTM > > > Source/JavaScriptCore/runtime/StringPrototype.cpp:1000 > > + size_t maximumReasonableMatchSize = 1000000000; > > You could make this const. OK!
Filip Pizlo
Comment 4 2016-02-07 11:03:56 PST
Landed in http://trac.webkit.org/changeset/196240
Note You need to log in before you can comment on or make changes to this bug.