Movatterモバイル変換

Skip to content

jerryscript-project/jerryscriptPublic

NotificationsYou must be signed in to change notification settings
Fork687
Star7.3k

Fix: avoid 1B OOB read at EOF after class static block (Fixes #5254)#5261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open

primavera-dolce wants to merge1 commit intojerryscript-project:master

base:master

Choose a base branch

fromprimavera-dolce:fix/5254-static-block-eof-oob

Open

Fix: avoid 1B OOB read at EOF after class static block (Fixes #5254)#5261

primavera-dolce wants to merge1 commit intojerryscript-project:masterfromprimavera-dolce:fix/5254-static-block-eof-oob

Conversation

@primavera-dolce

Copy link

primavera-dolce commentedOct 15, 2025

When a class static block ends at EOF (no trailing newline), the caller unconditionally consumed the next char after '}', causing a 1-byte OOB read in lexer_consume_next_character. Guard at the call site and raise the same parse error the next stage expects.

JerryScript-DCO-1.0-Signed-off-by: Harriet Zhuharrietzhu0115@gmail.com

PLEASE REMOVE THIS TEMPLATE BEFORE SUBMITTING

@primavera-dolce

Fix: avoid 1B OOB read at EOF after class static block (Fixesjerrysc…

26adaf9

…ript-project#5254)When a class static block ends at EOF (no trailing newline), the callerunconditionally consumed the next char after '}', causing a 1-byte OOB readin lexer_consume_next_character. Guard at the call site and raise the sameparse error the next stage expects.JerryScript-DCO-1.0-Signed-off-by: Harriet Zhu harrietzhu0115@gmail.com

seanshpark

seanshpark reviewed

View reviewed changes

jerry-core/parser/js/js-parser-expr.c

		fields_size+=sizeof (scanner_location_t);

		lexer_consume_next_character (context_p);

Copy link

Contributor

seanshparkOct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Suggested change

seanshpark

seanshpark reviewed

View reviewed changes

jerry-core/parser/js/js-parser-expr.c

Comment on lines +865 to +868

		else
		{
		lexer_consume_next_character (context_p);
		}

Copy link

Contributor

seanshparkOct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

maybe we don't needelse asparser_raise_error will stop the execution.

Suggested change

	else
	{
	lexer_consume_next_character (context_p);
	}
	lexer_consume_next_character (context_p);

@seanshpark

Copy link

Contributor

seanshpark commentedOct 22, 2025•
edited
Loading

~~How about adding test .js file intests/jerry like#5244 ?~~
I'm not sure current test framework can solve adding regression test for this case...

seanshpark

seanshpark reviewed

View reviewed changes

jerry-core/parser/js/js-parser-expr.c


		lexer_consume_next_character (context_p);

		if (JERRY_UNLIKELY(context_p->source_p >=context_p->source_end_p))

Copy link

Contributor

seanshparkOct 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others.Learn more.

Suggested change

	if (JERRY_UNLIKELY(context_p->source_p >=context_p->source_end_p))
	if (JERRY_UNLIKELY(context_p->source_p >=context_p->source_end_p))

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Labels

None yet

2 participants

@primavera-dolce

@seanshpark

[8]ページ先頭

©2009-2025 Movatter.jp