details: https://hg.nginx.org/njs/rev/275d785ab5bf
branches:
changeset: 2257:275d785ab5bf
user: Dmitry Volyntsev <xei...@nginx.com>
date: Mon Jan 08 16:40:42 2024 -0800
description:
Fixed RegExp.prototype.exec() when second argument is absent.
Previously, when the second argument is undefined, NaN is casted to
unsigned which is undefined behavior.
Found by UndefinedBehaviorSanitizer.
diffstat:
src/njs_regexp.c | 11 +++++++++--
1 files changed, 9 insertions(+), 2 deletions(-)
diffs (28 lines):
diff -r 41d0de3ad198 -r 275d785ab5bf src/njs_regexp.c
--- a/src/njs_regexp.c Mon Jan 08 16:40:42 2024 -0800
+++ b/src/njs_regexp.c Mon Jan 08 16:40:42 2024 -0800
@@ -1235,6 +1235,7 @@ njs_int_t
njs_regexp_prototype_exec(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
njs_index_t unused, njs_value_t *retval)
{
+ unsigned flags;
njs_int_t ret;
njs_value_t *r, *s;
njs_value_t string_lvalue;
@@ -1253,8 +1254,14 @@ njs_regexp_prototype_exec(njs_vm_t *vm,
return ret;
}
- return njs_regexp_builtin_exec(vm, r, s,
- njs_number(njs_arg(args, nargs, 2)),
retval);
+ if (nargs > 2) {
+ flags = njs_number(njs_arg(args, nargs, 2));
+
+ } else {
+ flags = 0;
+ }
+
+ return njs_regexp_builtin_exec(vm, r, s, flags, retval);
}
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel
