Title: [274813] trunk
- Revision
- 274813
- Author
- sbar...@apple.com
- Date
- 2021-03-22 16:01:47 -0700 (Mon, 22 Mar 2021)
Log Message
LiteralParser shouldn't make error messages of length ~2^31
https://bugs.webkit.org/show_bug.cgi?id=223483
<rdar://75572255>
Reviewed by Robin Morisset.
JSTests:
* stress/literal-parser-error-message-oom.js: Added.
Source/_javascript_Core:
* runtime/LiteralParser.cpp:
(JSC::LiteralParser<CharType>::parse):
Modified Paths
Added Paths
Diff
Modified: trunk/JSTests/ChangeLog (274812 => 274813)
--- trunk/JSTests/ChangeLog 2021-03-22 22:29:52 UTC (rev 274812)
+++ trunk/JSTests/ChangeLog 2021-03-22 23:01:47 UTC (rev 274813)
@@ -1,3 +1,13 @@
+2021-03-22 Saam Barati <sbar...@apple.com>
+
+ LiteralParser shouldn't make error messages of length ~2^31
+ https://bugs.webkit.org/show_bug.cgi?id=223483
+ <rdar://75572255>
+
+ Reviewed by Robin Morisset.
+
+ * stress/literal-parser-error-message-oom.js: Added.
+
2021-03-22 Michael Saboff <msab...@apple.com>
[YARR] Interpreter incorrectly matches non-BMP characters with multiple .
Added: trunk/JSTests/stress/literal-parser-error-message-oom.js (0 => 274813)
--- trunk/JSTests/stress/literal-parser-error-message-oom.js (rev 0)
+++ trunk/JSTests/stress/literal-parser-error-message-oom.js 2021-03-22 23:01:47 UTC (rev 274813)
@@ -0,0 +1,6 @@
+//@ skip if $memoryLimited
+//@ runDefault
+
+try {
+ JSON.parse('a'.repeat(2**31-25));
+} catch { }
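Review bot: The empty `catch { }` that closes this test accepts any outcome short of a crash, so it would still pass if the parser again built a message proportional to the input and the allocation happened to succeed. Binding the exception and adding `if (e instanceof SyntaxError && e.message.length > 1000) throw new Error("JSON error message was not truncated");` would pin the bounded-message behaviour. It would still tolerate an out-of-memory error raised by `'a'.repeat(...)` itself. The 1000 threshold is a constructed value; any bound comfortably above the parser's cap works.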
Modified: trunk/JSTests/stress/out-of-memory-making-error-string-in-literal-parser.js (274812 => 274813)
--- trunk/JSTests/stress/out-of-memory-making-error-string-in-literal-parser.js 2021-03-22 22:29:52 UTC (rev 274812)
+++ trunk/JSTests/stress/out-of-memory-making-error-string-in-literal-parser.js 2021-03-22 23:01:47 UTC (rev 274813)
@@ -9,5 +9,5 @@
exception = e;
}
-if (exception != 'SyntaxError: JSON Parse error: Unexpected identifier "aaaaaaaaaa..."')
+if (exception != 'SyntaxError: JSON Parse error: Unexpected identifier "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa..."')
throw "FAIL: actual " + exception;
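Review bot: The expected string on the changed `if (exception != ...)` line hard-codes a long run of `a`s that presumably mirrors `maxLength = 200` in LiteralParser.cpp, which is hard to verify by eye and easy to break when editing. Building it as `'SyntaxError: JSON Parse error: Unexpected identifier "' + 'a'.repeat(200) + '..."'` makes the coupling to the cap explicit. The surrounding try/catch starts outside this hunk.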
Modified: trunk/Source/_javascript_Core/ChangeLog (274812 => 274813)
--- trunk/Source/_javascript_Core/ChangeLog 2021-03-22 22:29:52 UTC (rev 274812)
+++ trunk/Source/_javascript_Core/ChangeLog 2021-03-22 23:01:47 UTC (rev 274813)
@@ -1,3 +1,14 @@
+2021-03-22 Saam Barati <sbar...@apple.com>
+
+ LiteralParser shouldn't make error messages of length ~2^31
+ https://bugs.webkit.org/show_bug.cgi?id=223483
+ <rdar://75572255>
+
+ Reviewed by Robin Morisset.
+
+ * runtime/LiteralParser.cpp:
+ (JSC::LiteralParser<CharType>::parse):
+
2021-03-22 Michael Saboff <msab...@apple.com>
[YARR] Interpreter incorrectly matches non-BMP characters with multiple .
Modified: trunk/Source/_javascript_Core/runtime/LiteralParser.cpp (274812 => 274813)
--- trunk/Source/_javascript_Core/runtime/LiteralParser.cpp 2021-03-22 22:29:52 UTC (rev 274812)
+++ trunk/Source/_javascript_Core/runtime/LiteralParser.cpp 2021-03-22 23:01:47 UTC (rev 274813)
@@ -1261,19 +1261,22 @@
m_parseErrorMessage = "Unexpected token '}'"_s;
return JSValue();
case TokIdentifier: {
- typename Lexer::LiteralParserTokenPtr token = m_lexer.currentToken();
+ auto token = m_lexer.currentToken();
- auto tryMakeErrorString = [=] (typename Lexer::LiteralParserTokenPtr token, unsigned length, bool addEllipsis) -> String {
+ auto tryMakeErrorString = [&] (unsigned length) -> String {
+ bool addEllipsis = length != token->stringLength;
if (token->stringIs8Bit)
return tryMakeString("Unexpected identifier \"", StringView { token->stringToken8, length }, addEllipsis ? "..." : "", '"');
return tryMakeString("Unexpected identifier \"", StringView { token->stringToken16, length }, addEllipsis ? "..." : "", '"');
};
- String errorString = tryMakeErrorString(token, token->stringLength, false);
+ constexpr unsigned maxLength = 200;
+
+ String errorString = tryMakeErrorString(std::min(token->stringLength, maxLength));
if (!errorString) {
constexpr unsigned shortLength = 10;
if (token->stringLength > shortLength)
- errorString = tryMakeErrorString(token, shortLength, true);
+ errorString = tryMakeErrorString(shortLength);
if (!errorString)
errorString = "Unexpected identifier";
}
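Review bot: The new `constexpr unsigned maxLength = 200;` has no comment explaining why the echoed identifier is capped. The reason matters for security: the identifier's length is set by whoever supplies the text being parsed, so the message size must not scale with it. I would add above the constant `// The identifier length is input-controlled; bound how much of it is echoed into the error message.` The `case TokIdentifier` block sits inside a function that begins before this hunk and continues past it. Other branches that embed token text in `m_parseErrorMessage` are therefore not visible here, and if any exist they likely want the same bound.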