Heap Buffer Over-read in skip_space #1867

Closed
JeffJerseyCow opened this issue May 30, 2017 · 2 comments

Comments

@JeffJerseyCow

JeffJerseyCow commented May 30, 2017

Within the function skip_spaces, js-lexer.c:218 – a buffer over-read occurs when looking for the bytes 0xe2 0x80 0xa9, paragraph separator, by attempting a read ahead. There is an assert on line 217 that would prevent this in debug mode. Is the idea to let bugs into release builds? Or is there an oversight I’m not seeing?

@zherczeg
Member

In JerryScript it is the user's responsibility to pass valid UTF8/CESU8 data to the engine. If the user does not trust the input, they can use jerry_is_valid_utf8_string and jerry_is_valid_cesu8_string to check it. If these functions return false, the user should throw an error.

Overall this is a performance optimization for trusted input.

@LaszloLango
Contributor

Fixed
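
An added example, not taken from this thread or from the JerryScript source: a bounds-checked form of the three-byte read-ahead for the separator bytes described in the report, together with a truncation pre-check for untrusted input. The function names and the whitespace subset are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical helper, not JerryScript code: true when the three bytes at p
 * encode U+2028 (E2 80 A8) or U+2029 (E2 80 A9). The length test runs first,
 * so a buffer that ends right after 0xE2 is never read past its end. */
static bool is_line_or_para_sep(const uint8_t *p, const uint8_t *end)
{
    return (size_t)(end - p) >= 3 && p[0] == 0xE2 && p[1] == 0x80 &&
           (p[2] == 0xA8 || p[2] == 0xA9);
}

/* Returns how many leading bytes of buf are whitespace or line terminators
 * (a constructed subset: space, tab, LF, CR, U+2028, U+2029). */
size_t skip_ws_checked(const uint8_t *buf, size_t len)
{
    const uint8_t *p = buf;
    const uint8_t *end = buf + len;
    while (p < end) {
        if (*p == ' ' || *p == '\t' || *p == '\n' || *p == '\r') {
            p += 1;
        } else if (is_line_or_para_sep(p, end)) {
            p += 3;
        } else {
            break;
        }
    }
    return (size_t)(p - buf);
}

/* Pre-check for untrusted input: true when the buffer ends in the middle of
 * a multi-byte sequence. This covers truncation only; it is not a full
 * UTF-8/CESU-8 validator. */
bool ends_with_truncated_sequence(const uint8_t *buf, size_t len)
{
    size_t i = len;
    while (i > 0 && len - i < 3 && (buf[i - 1] & 0xC0) == 0x80) {
        i--; /* step back over up to three continuation bytes */
    }
    if (i == 0) {
        return false; /* empty, or no lead byte to measure against */
    }
    uint8_t lead = buf[i - 1];
    size_t need = lead >= 0xF0 ? 4 : lead >= 0xE0 ? 3 : lead >= 0xC0 ? 2 : 1;
    return len - (i - 1) < need;
}
```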
