Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 06f13ed8ff1643051c8cfdad88aebc438e57c0e5
https://github.com/WebKit/WebKit/commit/06f13ed8ff1643051c8cfdad88aebc438e57c0e5
Author: Anthony Tarbinian <[email protected]>
Date: 2025-10-06 (Mon, 06 Oct 2025)
Changed paths:
A JSTests/stress/dont-crash-on-stack-overflow-JSON-parse-deeply-nested-with-reviver.js
M Source/JavaScriptCore/runtime/LiteralParser.cpp
Log Message:
-----------
[JSC] Add stack overflow checks to LiteralParser::parse
https://bugs.webkit.org/show_bug.cgi?id=299452
rdar://158627869
Reviewed by Yusuke Suzuki.
This patch adds checks to LiteralParser::parse to prevent stack overflows with deeply nested JSON. Without these checks, JSC will crash with a stack overflow when the destructor for `ranges` is called at the end of `jsonParseSlow`'s scope.
These checks prevent `ranges` from having too many recursive levels and gracefully throw a stack overflow error before the recursive chain of destructors can be called.
These checks are guarded by an `if constexpr (reviverMode == JSONReviverMode::Enabled)`, meaning they will only apply in the case where a reviver function is provided and the jsonParseSlow path is called.
Test: JSTests/stress/dont-crash-on-stack-overflow-JSON-parse-deeply-nested-with-reviver.js
* JSTests/stress/dont-crash-on-stack-overflow-JSON-parse-deeply-nested-with-reviver.js: Added.
(let.identityReviver):
(catch):
* Source/JavaScriptCore/runtime/LiteralParser.cpp:
(JSC::reviverMode>::parse):
Canonical link: https://commits.webkit.org/301098@main
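The commit makes JSC throw a catchable error instead of crashing on deeply nested JSON when a reviver is supplied. As an added example, not code from the WebKit commit or the test it adds, here is a caller-side nesting-depth guard that an application can run before handing untrusted JSON to `JSON.parse` with a reviver; the depth limit of 512, the helper names and the constructed inputs are assumptions for illustration.

```javascript
// Added example (not from the WebKit commit): a caller-side nesting-depth
// guard for JSON.parse with a reviver. The engine-side fix in this commit makes
// JSC throw a catchable RangeError instead of crashing; this guard lets an
// application reject over-deep input before any parser or reviver walk runs.

// Scan the raw text and return the maximum bracket nesting depth, ignoring
// brackets that appear inside string literals (with escape handling).
function jsonNestingDepth(text) {
  let depth = 0, maxDepth = 0, inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (inString) {
      if (ch === '\\') i++;            // skip the escaped character
      else if (ch === '"') inString = false;
      continue;
    }
    if (ch === '"') inString = true;
    else if (ch === '[' || ch === '{') maxDepth = Math.max(maxDepth, ++depth);
    else if (ch === ']' || ch === '}') depth--;
  }
  return maxDepth;
}

// Parse with a reviver only if the input's nesting stays within `maxDepth`
// (512 is an assumed application limit); otherwise throw a RangeError without
// ever entering the recursive reviver walk.
function parseWithDepthLimit(text, reviver, maxDepth = 512) {
  const depth = jsonNestingDepth(text);
  if (depth > maxDepth) {
    throw new RangeError(`JSON nesting depth ${depth} exceeds limit ${maxDepth}`);
  }
  return JSON.parse(text, reviver);
}

// Constructed input: n nested arrays around a single number, e.g. [[[1]]].
function nestedArrays(n) {
  return '['.repeat(n) + '1' + ']'.repeat(n);
}

const identityReviver = (key, value) => value;

// Returns 'ok' when parsing succeeds and 'rejected' when the guard trips.
function tryParse(n, limit) {
  try {
    parseWithDepthLimit(nestedArrays(n), identityReviver, limit);
    return 'ok';
  } catch (e) {
    return e instanceof RangeError ? 'rejected' : 'error';
  }
}
```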
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes