fix heap-buffer-overflow in lexer_compare_identifier_to_char #5228
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zherczeg
approved these changes
May 22, 2025
| } | ||
| } | ||
|
|
||
| check_syntax_error("class C {#static async''"); No newline at end of file |
There was a problem hiding this comment.
Add a newline at the end, please
JerryScript-DCO-1.0-Signed-off-by: tangbin [email protected]
|
I want to know, if the patch to be fixed is to be integrated, how should I strive?
…------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年5月22日(星期四) 下午2:46
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
@zherczeg批准了这个推送请求。
LGTM
在tests/jerry/fail/class_static_async_function.js:
除非适用法律要求或书面同意,本许可下分发的软件+//以“原样”为基础+//分发,不提供任何形式的保证或条件,可以是明示的或隐含的。+// 参见许可证中管理许可证权限和+// 限制的特定语言。++function check_syntax_error(code) {+ try {+ eval(code)+ assert(false)+ } catch (e) {+ assert(e instance of SyntaxError)+ } + } + + check_santhaerror("class C {#static async''");
请在末尾处添加一个换行符
-
直接回复这封邮件,在GitHub上查看它,或者取消订阅.
***@***.*** >
|
|
You only a need another approve |
|
Some checks there failed. I looked at the failed logs but found no connection with my modifications. I tried to execute the failed commands on linux but didn't get the same result. The recent modification to trigger the access control seems to fail in similar places. Could you please take a look?
If there are any problems, I will make the changes in time on my side.
…------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年6月2日(星期一) 晚上6:31
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
zherczeg left a comment (jerryscript-project/jerryscript#5228)
You only a need another approve
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
|
We try to fix these fails, the riot one is updated here: #5231 |
|
Ok. I'll try to have a look
…------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年6月3日(星期二) 中午12:25
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
zherczeg left a comment (jerryscript-project/jerryscript#5228)
We try to fix these fails, the riot one is updated here: #5231
You can help us if you have time.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch fixes #5066
There is a problem there. When size is passed to 0 in lexer_compare_identifier_to_char, because of do while(size > 0) and the size type is uint, it will cause an unexpected loop and result in heap overflow