[njs] Fixed 1 byte heap buffer overflow.
Dmitry Volyntsev
xeioex at nginx.com
Tue Mar 13 17:37:23 UTC 2018
details: http://hg.nginx.org/njs/rev/8a274b5f1a04
branches:
changeset: 457:8a274b5f1a04
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Tue Mar 13 20:37:01 2018 +0300
description:
Fixed 1 byte heap buffer overflow.
diffstat:
njs/njs_vm.c | 4 ++--
njs/test/njs_unit_test.c | 3 +++
2 files changed, 5 insertions(+), 2 deletions(-)
diffs (30 lines):
diff -r 6738ff52a2cb -r 8a274b5f1a04 njs/njs_vm.c
--- a/njs/njs_vm.c Tue Mar 13 19:51:25 2018 +0300
+++ b/njs/njs_vm.c Tue Mar 13 20:37:01 2018 +0300
@@ -3514,11 +3514,11 @@ again:
for (i = 0; i < backtrace->items; i++) {
if (be[i].line != 0) {
- len += sizeof(" at (:)\n") - 1 + 10
+ len += sizeof(" at (:)\n") + 10
+ be[i].name.length;
} else {
- len += sizeof(" at (native)\n") - 1
+ len += sizeof(" at (native)\n")
+ be[i].name.length;
}
}
diff -r 6738ff52a2cb -r 8a274b5f1a04 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c Tue Mar 13 19:51:25 2018 +0300
+++ b/njs/test/njs_unit_test.c Tue Mar 13 20:37:01 2018 +0300
@@ -5706,6 +5706,9 @@ static njs_unit_test_t njs_test[] =
{ nxt_string("Object.prototype.__proto__ === null"),
nxt_string("true") },
+ { nxt_string("Object.prototype.__proto__.f()"),
+ nxt_string("InternalError: method 'f' query failed:-1") },
+
{ nxt_string("Object.prototype.toString.call(Object.prototype)"),
nxt_string("[object Object]") },
More information about the nginx-devel
mailing list