| Summary: | Null pointer dereference in regexp.c | | |
|---|---|---|---|
| Product: | MuJS | Reporter: | DD <dileep.chinu> |
| Component: | general | Assignee: | Tor Andersson <tor.andersson> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | dileep.chinu |
| Priority: | P4 | | |
| Version: | unspecified | | |
| Hardware: | PC | | |
| OS: | Linux | | |
| Customer: | | Word Size: | --- |
| Attachments: | The input javascript file that is causing the crash with low process memory setting using ulimit as described in description | | |

Hi, Any Update on this?

Should be fixed in

commit fd003eceda531e13fbdd1aeb6e9c73156496e569
Author: Tor Andersson <tor@ccxvii.net>
Date: Fri Dec 2 14:56:20 2016 -0500

    Fix 697381: check allocation when compiling regular expressions.

    Also use allocator callback function.

Created attachment 13175
The input javascript file that is causing the crash with low process memory setting using ulimit as described in description

In regexp.c:

Line 817: g.prog = malloc(sizeof (Reprog));
Line 833: g.prog->flags = cflags;

There was no checking if g.proc is null.

Attached the input javascript used to trigger the crash with low process memory of 25mb using ulimit -Sv 25000
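
The pattern the commit message describes (check the allocation, route it through an allocator callback), as an added example that is not MuJS code: `Prog`, `alloc_fn`, `compile_checked` and `budget_alloc` are hypothetical names. The constructed `budget_alloc` fails after a set number of allocations, standing in for the `ulimit -Sv` condition in the report.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not the MuJS types or API. */
typedef void *(*alloc_fn)(void *ctx, void *ptr, size_t n); /* n == 0 frees */
typedef struct { int flags; size_t len; char *code; } Prog;

/* Default allocator backed by realloc/free. */
void *default_alloc(void *ctx, void *ptr, size_t n) {
    (void)ctx;
    if (n == 0) { free(ptr); return NULL; }
    return realloc(ptr, n);
}

/* Constructed test allocator: succeeds *ctx times, then returns NULL,
   simulating a process that has hit its memory limit. */
void *budget_alloc(void *ctx, void *ptr, size_t n) {
    int *budget = ctx;
    if (n == 0) { free(ptr); return NULL; }
    if (*budget <= 0) return NULL;
    --*budget;
    return realloc(ptr, n);
}

/* Returns a program, or NULL with *errorp set. Each allocation is checked
   before its first use, and partial state is released on failure. */
Prog *compile_checked(alloc_fn alloc, void *ctx, const char *pattern,
                      int cflags, const char **errorp) {
    Prog *prog = alloc(ctx, NULL, sizeof *prog);
    if (!prog) { *errorp = "out of memory"; return NULL; }
    prog->flags = cflags;            /* safe: prog was checked above */
    prog->len = strlen(pattern);
    prog->code = alloc(ctx, NULL, prog->len + 1);
    if (!prog->code) {
        alloc(ctx, prog, 0);         /* do not leak the header */
        *errorp = "out of memory";
        return NULL;
    }
    memcpy(prog->code, pattern, prog->len + 1);
    *errorp = NULL;
    return prog;
}

void free_prog(alloc_fn alloc, void *ctx, Prog *prog) {
    if (prog) { alloc(ctx, prog->code, 0); alloc(ctx, prog, 0); }
}

int main(void) {
    const char *err; int budget = 0;  /* every allocation fails */
    Prog *p = compile_checked(budget_alloc, &budget, "a+b", 1, &err);
    printf("%s\n", p ? "compiled" : err);
    free_prog(budget_alloc, &budget, p);
    return 0;
}
```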