-
Notifications
You must be signed in to change notification settings - Fork 683
fix heap-buffer-overflow in lexer_compare_identifier_to_char #5228
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zherczeg
zherczeg
approved these changes
May 22, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
}
}
check_syntax_error("class C {#static async''");
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Add a newline at the end, please
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
@happy-boy-maker
happy-boy-maker
force-pushed
the
master
branch
from
May 22, 2025 09:10
8ad0e4f to
e5c9b08
Compare
JerryScript-DCO-1.0-Signed-off-by: tangbin 2387440390@qq.com
@happy-boy-maker
happy-boy-maker
force-pushed
the
master
branch
from
May 28, 2025 02:50
e5c9b08 to
57bb21b
Compare
I want to know, if the patch to be fixed is to be integrated, how should I strive?
... ------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年5月22日(星期四) 下午2:46
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
@zherczeg批准了这个推送请求。
LGTM
在tests/jerry/fail/class_static_async_function.js:
除非适用法律要求或书面同意,本许可下分发的软件+//以"原样"为基础+//分发,不提供任何形式的保证或条件,可以是明示的或隐含的。+// 参见许可证中管理许可证权限和+// 限制的特定语言。++function check_syntax_error(code) {+ try {+ eval(code)+ assert(false)+ } catch (e) {+ assert(e instance of SyntaxError)+ } + } + + check_santhaerror("class C {#static async''");
请在末尾处添加一个换行符
-
直接回复这封邮件,在GitHub上查看它,或者取消订阅.
***@***.*** >
You only a need another approve
akosthekiss
akosthekiss
approved these changes
Jun 2, 2025
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm
Some checks there failed. I looked at the failed logs but found no connection with my modifications. I tried to execute the failed commands on linux but didn't get the same result. The recent modification to trigger the access control seems to fail in similar places. Could you please take a look?
If there are any problems, I will make the changes in time on my side.
... ------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年6月2日(星期一) 晚上6:31
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
zherczeg left a comment (jerryscript-project/jerryscript#5228)
You only a need another approve
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
We try to fix these fails, the riot one is updated here: #5231
You can help us if you have time.
Ok. I'll try to have a look
... ------------------ 原始邮件 ------------------
发件人: "Zoltan ***@***.***>;
发送时间: 2025年6月3日(星期二) 中午12:25
收件人: ***@***.***>;
抄送: ***@***.***>; ***@***.***>;
主题: Re: [jerryscript-project/jerryscript] fix heap-buffer-overflow in lexer_compare_identifier_to_char (PR #5228)
zherczeg left a comment (jerryscript-project/jerryscript#5228)
We try to fix these fails, the riot one is updated here: #5231
You can help us if you have time.
—
Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you authored the thread.Message ID: ***@***.***>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.
This patch fixes #5066
There is a problem there. When size is passed to 0 in lexer_compare_identifier_to_char, because of do while(size > 0) and the size type is uint, it will cause an unexpected loop and result in heap overflow