Bug 695567 - mujs segfaults when running large js code
Status: RESOLVED FIXED
Alias: None
Product: MuPDF
Classification: Unclassified
Component: apps
Version: unspecified
Hardware: Other All
Importance: P4 normal
Assignee: MuPDF bugs
Reported: 2014-10-05 17:40 UTC by Szabolcs Nagy
Modified: 2014-10-28 05:55 UTC
Description Szabolcs Nagy 2014-10-05 17:40:41 UTC
mujs can segfault while executing large js code because F->codelen grows to 64k and code addresses are encoded as signed short, which then overflows.

I think a larger address representation should be used, or F->codelen should be restricted to 64k (and jump offsets should be interpreted as unsigned, assuming all addressing is absolute).
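An added example, written for this page and not MuJS's own code, that models the emitter defect the report describes next to the kind of overflow check the fix introduced: code addresses are written into a fixed-width instruction slot, and an address that no longer fits is either silently truncated (the bug) or refused at emit time (the fix). The report's signed short is modelled as an unsigned 16-bit slot so the wraparound is well defined; `Emitter`, `emit_addr` and `jump_target_after` are hypothetical names.

```c
#include <stdint.h>
#include <stdlib.h>
/* Hypothetical model of a bytecode emitter written for this page, not MuJS's
 * own code: every code slot (opcode, literal index, jump address) is one
 * fixed-width `instruction`, so an address wider than the slot is exactly
 * the bug class the report describes. */
typedef uint16_t instruction;
enum { OP_NOP = 0, OP_JUMP = 1 };

typedef struct { instruction *code; size_t codelen, codecap; } Emitter;

static void emit(Emitter *e, instruction v)
{
    if (e->codelen == e->codecap) {
        e->codecap = e->codecap ? e->codecap * 2 : 1024;
        e->code = realloc(e->code, e->codecap * sizeof *e->code);
        if (!e->code)
            abort();
    }
    e->code[e->codelen++] = v;
}

/* Emits a code address. Unchecked, the cast wraps modulo 2^16 and the jump
 * silently lands elsewhere once the body passes 65535 slots; checked, an
 * address that does not fit is refused (returns -1) instead of truncated. */
static int emit_addr(Emitter *e, size_t addr, int checked)
{
    if (checked && addr > UINT16_MAX)
        return -1;
    emit(e, (instruction)addr);
    return 0;
}

/* Pads a function body with `prefix` NOPs, then emits a jump back to the
 * current position. Returns the address actually stored in the code, or -1
 * when the checked emitter refused it. */
long jump_target_after(size_t prefix, int checked)
{
    Emitter e = {0};
    long stored = -1;
    while (e.codelen < prefix)
        emit(&e, OP_NOP);
    size_t target = e.codelen;
    emit(&e, OP_JUMP);
    if (emit_addr(&e, target, checked) == 0)
        stored = (long)e.code[e.codelen - 1];
    free(e.code);
    return stored;
}
```

With a 70000-slot body the unchecked emitter stores 4464 (70000 mod 65536), so the jump targets an unrelated instruction; the checked emitter reports the overflow instead.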
Comment 1 Tor Andersson 2014-10-28 05:55:56 UTC
Fixed in MuJS commit 8a659b28210220f6e29d5ed671e2c22adde9a7c1
Author: Tor Andersson <tor.andersson@artifex.com>
Date:   Thu Oct 9 15:08:02 2014 +0200

    Typedef instruction and check addresses and literals for overflow when emitting code.