superreview requested: [Bug 280769] crash while running javascript that has large regex : [Attachment 176080] proposed fix, based on igor's patches but with jump-to-jump extension

Brendan Eich <brendan@mozilla.org> has asked Mike Shaver <shaver@mozilla.org>
for superreview:
Bug 280769: crash while running javascript that has large regex
https://bugzilla.mozilla.org/show_bug.cgi?id=280769

Attachment 176080: proposed fix, based on igor's patches but with jump-to-jump
extension
https://bugzilla.mozilla.org/attachment.cgi?id=176080&action=edit

------- Additional Comments from Brendan Eich <brendan@mozilla.org>
Ok, here's big fun.  Thanks to igor's patches, this fixes up a bunch of
unchecked or arbitrarily half-sized limits.  But I go further, and when a jump
will overflow its two-byte unsigned immediate offset operand, I find a later
alternate's jump to jump to (and so on, spanning megabytes of regexp bytecode
with 64K jumps if necessary).

Comments?  Please remind me if I missed some remaining bogus limit, or left a
dangling comment.

/be
bugzilla
3/3/2005 1:37:01 AM
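The jump-to-jump idea from the comment above, as an added illustration that is not the patch in attachment 176080 and not SpiderMonkey's own code: a toy emitter with a hypothetical OP_JUMP carrying a two-byte unsigned offset, where patch_jump refuses to truncate an out-of-range offset and instead lands on a later in-range jump that itself leads to the same target. The opcodes, the 180 KB bytecode layout and the function names are all constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical opcodes and layout, not SpiderMonkey's real regexp bytecode:
 * OP_JUMP is followed by a two-byte unsigned forward offset from the jump's pc. */
enum { OP_JUMP = 1, OP_MATCH = 2 };
#define MAX_OFFSET 0xFFFFu
/* Patch the OP_JUMP at pc[jump] so it reaches 'target'.  When the distance
 * overflows the 16-bit operand, land on the farthest in-range entry of 'chain'
 * (ascending pcs of later alternates' jumps that themselves reach target).
 * Returns the pc encoded, or -1 when no in-range hop exists. */
long patch_jump(uint8_t *pc, size_t jump, size_t target,
                const size_t *chain, size_t nchain)
{
    size_t land = target;
    if (target - jump > MAX_OFFSET) {
        land = jump;                     /* sentinel: nothing found yet */
        for (size_t i = 0; i < nchain; i++)
            if (chain[i] > jump && chain[i] - jump <= MAX_OFFSET)
                land = chain[i];
        if (land == jump)
            return -1;                   /* fail loudly rather than truncate */
    }
    size_t off = land - jump;
    pc[jump + 1] = (uint8_t)(off >> 8);
    pc[jump + 2] = (uint8_t)off;
    return (long)land;
}

/* Follow OP_JUMPs from 'start' as an interpreter would; return the final pc. */
size_t follow_jumps(const uint8_t *pc, size_t start)
{
    while (pc[start] == OP_JUMP)
        start += ((size_t)pc[start + 1] << 8) | pc[start + 2];
    return start;
}

/* Constructed scenario: 180 KB of bytecode with jumps at pcs 0, 60000 and
 * 120000 that all want the OP_MATCH at pc 180000.  Returns where pc 0 lands. */
static uint8_t code[180001];
size_t chained_jump_demo(void)
{
    const size_t jumps[] = { 0, 60000, 120000 }, target = 180000;
    memset(code, 0, sizeof code);
    code[target] = OP_MATCH;
    for (size_t i = 0; i < 3; i++) {
        code[jumps[i]] = OP_JUMP;
        if (patch_jump(code, jumps[i], target, jumps + i + 1, 2 - i) < 0)
            return (size_t)-1;
    }
    return follow_jumps(code, 0);
}
```

With no later jump to hop through, patch_jump returns -1 instead of writing a wrapped offset, which is the class of unchecked limit the patch is meant to close.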
netscape.mozilla.reviewers