287074 – Prevent Yarr::Interpreter's evaluation stack from growing unboundedly.

RESOLVED FIXED 287074

Prevent Yarr::Interpreter's evaluation stack from growing unboundedly.

https://bugs.webkit.org/show_bug.cgi?id=287074

Summary Prevent Yarr::Interpreter's evaluation stack from growing unboundedly.

Mark Lam

Reported 2025-02-05 00:04:30 PST

Currently, Yarr::Interpreter's evaluation stack (see BytecodePattern::m_allocator) is allowed to grow unboundedly until we exhaust all memory. We should bound it instead to a max capacity limit. rdar://143786123

Attachments
Add attachment proposed patch, testcase, etc.

Mark Lam

Comment 1 2025-02-05 00:32:14 PST

Pull request: https://github.com/WebKit/WebKit/pull/40041

EWS

Comment 2 2025-02-10 21:07:49 PST

Committed 290198@main (424c8d883269): <https://commits.webkit.org/290198@main> Reviewed commits have been landed. Closing PR #40041 and removing active labels.

EWS

Comment 3 2025-02-21 15:25:21 PST

Committed 289651.151@safari-7621-branch (09c3b6c3bac8): <https://commits.webkit.org/289651.151@safari-7621-branch> Reviewed commits have been landed. Closing PR #2648 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component New Bugs

Assignee

Mark Lam

Reported

2025-02-05 00:04 PST

Modified

2025-02-21 15:25 PST History

CC List

1 user Show

URL

Keywords InRadar

Depends on

Blocks