[njs] Fixed heap-buffer-overflow in lexer introduced in 87d05fb35ff9.
Alexander Borisov
alexander.borisov at nginx.com
Thu Feb 27 11:30:46 UTC 2020
details: https://hg.nginx.org/njs/rev/3313d0d593a0
branches:
changeset: 1340:3313d0d593a0
user: Alexander Borisov <alexander.borisov at nginx.com>
date: Thu Feb 27 14:30:14 2020 +0300
description:
Fixed heap-buffer-overflow in lexer introduced in 87d05fb35ff9.
diffstat:
src/njs_lexer.c | 2 +-
src/test/njs_unit_test.c | 15 +++++++++++++++
2 files changed, 16 insertions(+), 1 deletions(-)
diffs (37 lines):
diff -r 6444ae6ab276 -r 3313d0d593a0 src/njs_lexer.c
--- a/src/njs_lexer.c Wed Feb 26 17:48:46 2020 +0300
+++ b/src/njs_lexer.c Thu Feb 27 14:30:14 2020 +0300
@@ -864,7 +864,7 @@ njs_lexer_multi(njs_lexer_t *lexer, njs_
token->text.start = lexer->start - 1;
- while (length != 0 && multi != NULL) {
+ while (length != 0 && multi != NULL && lexer->start < lexer->end) {
c = lexer->start[0];
if (c == multi->symbol) {
diff -r 6444ae6ab276 -r 3313d0d593a0 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Wed Feb 26 17:48:46 2020 +0300
+++ b/src/test/njs_unit_test.c Thu Feb 27 14:30:14 2020 +0300
@@ -33,6 +33,21 @@ static njs_unit_test_t njs_test[] =
{ njs_str("/***/1/*\n**/"),
njs_str("1") },
+ { njs_str(">"),
+ njs_str("SyntaxError: Unexpected token \">\" in 1") },
+
+ { njs_str(">>"),
+ njs_str("SyntaxError: Unexpected token \">>\" in 1") },
+
+ { njs_str(">>>"),
+ njs_str("SyntaxError: Unexpected token \">>>\" in 1") },
+
+ { njs_str("=="),
+ njs_str("SyntaxError: Unexpected token \"==\" in 1") },
+
+ { njs_str("?"),
+ njs_str("SyntaxError: Unexpected token \"?\" in 1") },
+
/* Variable declarations. */
{ njs_str("var x"),
More information about the nginx-devel
mailing list