Skip to content

Fix: avoid 1B OOB read at EOF after class static block (Fixes #5254) #5261

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix: avoid 1B OOB read at EOF after class static block (Fixes #5254) #5261

wants to merge 1 commit into from
+9 −2

Conversation

primavera-dolce
Copy link

When a class static block ends at EOF (no trailing newline), the caller unconditionally consumed the next char after '}', causing a 1-byte OOB read in lexer_consume_next_character. Guard at the call site and raise the same parse error the next stage expects.

JerryScript-DCO-1.0-Signed-off-by: Harriet Zhu [email protected]

PLEASE REMOVE THIS TEMPLATE BEFORE SUBMITTING

@primavera-dolce
Fix: avoid 1B OOB read at EOF after class static block (Fixes jerrysc…
26adaf9 
…ript-project#5254)

When a class static block ends at EOF (no trailing newline), the caller
unconditionally consumed the next char after '}', causing a 1-byte OOB read
in lexer_consume_next_character. Guard at the call site and raise the same
parse error the next stage expects.

JerryScript-DCO-1.0-Signed-off-by: Harriet Zhu [email protected]
seanshpark
seanshpark reviewed Oct 22, 2025
View reviewed changes
jerry-core/parser/js/js-parser-expr.c
fields_size += sizeof (scanner_location_t);

lexer_consume_next_character (context_p);

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change

seanshpark
seanshpark reviewed Oct 22, 2025
View reviewed changes
jerry-core/parser/js/js-parser-expr.c
Comment on lines +865 to +868
else
{
lexer_consume_next_character (context_p);
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe we don't need else as parser_raise_error will stop the execution.

Suggested change
else
{
lexer_consume_next_character (context_p);
}
lexer_consume_next_character (context_p);

@seanshpark
Copy link
Contributor

seanshpark commented Oct 22, 2025
edited
Loading

How about adding test .js file in tests/jerry like #5244 ?
I'm not sure current test framework can solve adding regression test for this case...

seanshpark
seanshpark reviewed Oct 22, 2025
View reviewed changes
jerry-core/parser/js/js-parser-expr.c

lexer_consume_next_character (context_p);

if (JERRY_UNLIKELY(context_p->source_p >= context_p->source_end_p))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if (JERRY_UNLIKELY(context_p->source_p >= context_p->source_end_p))
if (JERRY_UNLIKELY (context_p->source_p >= context_p->source_end_p))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@seanshpark seanshpark seanshpark left review comments

Reviewers whose approvals may not affect merge requirements

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@primavera-dolce @seanshpark