Changeset 245152 in webkit
- Timestamp:
- May 9, 2019 12:40:42 PM (5 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 3 edited
-
JSTests/ChangeLog (modified) (1 diff)
-
JSTests/stress/many-nested-functions-parser-stack-overflow.js (added)
-
Source/JavaScriptCore/ChangeLog (modified) (1 diff)
-
Source/JavaScriptCore/parser/Parser.cpp (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/JSTests/ChangeLog
r245084 r245152 1 2019-05-09 Keith Miller <keith_miller@apple.com> 2 3 parseStatementListItem needs a stack overflow check 4 https://bugs.webkit.org/show_bug.cgi?id=197749 5 6 Reviewed by Saam Barati. 7 8 * stress/many-nested-functions-parser-stack-overflow.js: Added. 9 1 10 2019-05-08 Saam barati <sbarati@apple.com> 2 11 -
trunk/Source/JavaScriptCore/ChangeLog
r245145 r245152 1 2019-05-09 Keith Miller <keith_miller@apple.com> 2 3 parseStatementListItem needs a stack overflow check 4 https://bugs.webkit.org/show_bug.cgi?id=197749 5 <rdar://problem/50302697> 6 7 Reviewed by Saam Barati. 8 9 There currently exists a path in the parser where you can loop 10 arbibrarily many times without a stack overflow check. This patch 11 adds a check to parseStatementListItem to break that cycle. 12 13 * parser/Parser.cpp: 14 (JSC::Parser<LexerType>::parseStatementListItem): 15 1 16 2019-05-09 Keith Miller <keith_miller@apple.com> 2 17 -
trunk/Source/JavaScriptCore/parser/Parser.cpp
r244038 r245152 653 653 DepthManager statementDepth(&m_statementDepth); 654 654 m_statementDepth++; 655 failIfStackOverflow(); 655 656 TreeStatement result = 0; 656 657 bool shouldSetEndOffset = true;
Note: See TracChangeset
for help on using the changeset viewer.
