Bug 153964 - String.match should defend against matches that would crash the VM
Summary: String.match should defend against matches that would crash the VM
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore (show other bugs)
Version: WebKit Nightly Build
Hardware: All All
: P2 Normal
Assignee: Filip Pizlo
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-07 10:16 PST by Filip Pizlo
Modified: 2016-02-07 11:03 PST (History)
6 users (show)

See Also:


Attachments
the patch (4.69 KB, patch)
2016-02-07 10:21 PST, Filip Pizlo
saam: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Filip Pizlo 2016-02-07 10:16:13 PST
Patch forthcoming.
Comment 1 Filip Pizlo 2016-02-07 10:21:04 PST
Created attachment 270825 [details]
the patch
Comment 2 Saam Barati 2016-02-07 10:48:21 PST
Comment on attachment 270825 [details]
the patch

View in context: https://bugs.webkit.org/attachment.cgi?id=270825&action=review

LGTM

> Source/JavaScriptCore/runtime/StringPrototype.cpp:1000
> +        size_t maximumReasonableMatchSize = 1000000000;

You could make this const.
Comment 3 Filip Pizlo 2016-02-07 11:01:47 PST
(In reply to comment #2)
> Comment on attachment 270825 [details]
> the patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=270825&action=review
> 
> LGTM
> 
> > Source/JavaScriptCore/runtime/StringPrototype.cpp:1000
> > +        size_t maximumReasonableMatchSize = 1000000000;
> 
> You could make this const.

OK!
Comment 4 Filip Pizlo 2016-02-07 11:03:56 PST
Landed in http://trac.webkit.org/changeset/196240