details: http://hg.nginx.org/njs/rev/ff8f717db1be branches: changeset: 234:ff8f717db1be user: Andrey Zelenkov <zelen...@nginx.com> date: Thu Nov 03 18:12:10 2016 +0300 description: String.prototype.repeat method fix.
Found with afl-fuzz. diffstat: njs/njs_string.c | 5 +++++ njs/test/njs_unit_test.c | 3 +++ 2 files changed, 8 insertions(+), 0 deletions(-) diffs (28 lines): diff -r d7a10c0dfcce -r ff8f717db1be njs/njs_string.c --- a/njs/njs_string.c Mon Oct 31 16:28:12 2016 +0300 +++ b/njs/njs_string.c Thu Nov 03 18:12:10 2016 +0300 @@ -1756,6 +1756,11 @@ njs_string_prototype_repeat(njs_vm_t *vm (void) njs_string_prop(&string, &args[0]); + if (string.size == 0) { + vm->retval = njs_string_empty; + return NXT_OK; + } + if (nargs > 1) { max = NJS_STRING_MAX_LENGTH / string.size; n = args[1].data.u.number; diff -r d7a10c0dfcce -r ff8f717db1be njs/test/njs_unit_test.c --- a/njs/test/njs_unit_test.c Mon Oct 31 16:28:12 2016 +0300 +++ b/njs/test/njs_unit_test.c Thu Nov 03 18:12:10 2016 +0300 @@ -3618,6 +3618,9 @@ static njs_unit_test_t njs_test[] = { nxt_string("'абв'.repeat(3)"), nxt_string("абвабвабв") }, + { nxt_string("''.repeat(3)"), + nxt_string("") }, + { nxt_string("'abc'.repeat(0)"), nxt_string("") }, _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel