[njs] Fixed 1 byte heap buffer overflow.

Dmitry Volyntsev xeioex at nginx.com
Tue Mar 13 17:37:23 UTC 2018


details:   http://hg.nginx.org/njs/rev/8a274b5f1a04
branches:  
changeset: 457:8a274b5f1a04
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Tue Mar 13 20:37:01 2018 +0300
description:
Fixed 1 byte heap buffer overflow.

diffstat:

 njs/njs_vm.c             |  4 ++--
 njs/test/njs_unit_test.c |  3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diffs (30 lines):

diff -r 6738ff52a2cb -r 8a274b5f1a04 njs/njs_vm.c
--- a/njs/njs_vm.c	Tue Mar 13 19:51:25 2018 +0300
+++ b/njs/njs_vm.c	Tue Mar 13 20:37:01 2018 +0300
@@ -3514,11 +3514,11 @@ again:
 
                 for (i = 0; i < backtrace->items; i++) {
                     if (be[i].line != 0) {
-                        len += sizeof("    at  (:)\n") - 1 + 10
+                        len += sizeof("    at  (:)\n") + 10
                                + be[i].name.length;
 
                     } else {
-                        len += sizeof("    at  (native)\n") - 1
+                        len += sizeof("    at  (native)\n")
                                + be[i].name.length;
                     }
                 }
diff -r 6738ff52a2cb -r 8a274b5f1a04 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c	Tue Mar 13 19:51:25 2018 +0300
+++ b/njs/test/njs_unit_test.c	Tue Mar 13 20:37:01 2018 +0300
@@ -5706,6 +5706,9 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("Object.prototype.__proto__ === null"),
       nxt_string("true") },
 
+    { nxt_string("Object.prototype.__proto__.f()"),
+      nxt_string("InternalError: method 'f' query failed:-1") },
+
     { nxt_string("Object.prototype.toString.call(Object.prototype)"),
       nxt_string("[object Object]") },
 


More information about the nginx-devel mailing list