Details
- Bug
- Resolution: Done
- P1: Critical
- 5.12.1, 5.12
- Manjaro Linux, clang 7.0.1, gcc 8.2.1
- ac0d313ab15aa78c444d00ed6a1a202a1351dfa1 (qt/qtdeclarative/5.12)
Description
- Have the same program as in QTBUG-73985.
- Build it on Qt 5.12.1.
- Run the program passing the attached input file as parameter:

    /({3072140529})? {3072140529}/

The program crashes:

    1  WTF::CrashOnOverflow::overflowed  CheckedArithmetic.h 80  0x7ffff7e6b8ef
    2  WTF::Checked<unsigned int, WTF::CrashOnOverflow>::operator+=<unsigned int>  MacroAssemblerX86Common.h 126  0x7ffff7e7d9f9
    3  WTF::Checked<unsigned int, WTF::CrashOnOverflow>::operator+=<unsigned int, WTF::CrashOnOverflow>  CheckedArithmetic.h 596  0x7ffff7e7d9f9
    4  JSC::Yarr::YarrGenerator<(JSC::Yarr::YarrJITCompileMode)1>::generate  YarrJIT.cpp 1996  0x7ffff7e7d9f9
    5  JSC::Yarr::YarrGenerator<(JSC::Yarr::YarrJITCompileMode)1>::compile  YarrJIT.cpp 621  0x7ffff7e8079e
    6  JSC::Yarr::jitCompile  new_allocator.h 79  0x7ffff7e6b806
    7  QV4::Heap::RegExp::init  qv4regexp.cpp 225  0x7ffff7c4711d
    8  QV4::MemoryManager::alloc<QV4::RegExp, QV4::ExecutionEngine *, QString, unsigned int>  qv4value_p.h 150  0x7ffff7c4825d
    9  QV4::RegExp::create  qv4regexp.cpp 200  0x7ffff7c4825d
    10 QV4::CompiledData::CompilationUnit::linkToEngine  qendian_p.h 84  0x7ffff7b38d53
    11 QV4::Script::parse  qqmlrefcount_p.h 96  0x7ffff7c4c056
    12 QJSEngine::evaluate  qjsengine.cpp 525  0x7ffff7bac426
    13 main  main.cpp 12  0x55555555533a
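The trace shows the quantifier count overflowing a checked unsigned int inside the Yarr JIT, and the merged fix (260162,3) rejects quantifiers larger than 16M. The following is an added, Qt-free C++ check (not Qt's code and not the reporter's program) that applies the same bound to a regex pattern body before it is handed to a script engine; the 16M constant and the function names are assumptions.

```cpp
#include <cctype>
#include <cstdint>
#include <string>

// Assumed bound, taken from the fix's subject "larger than 16M"; the exact
// constant in Qt's patch is not shown on this page.
constexpr uint64_t kMaxQuantifier = 16ull * 1024 * 1024;

// Largest explicit bound in {n}, {n,} or {n,m} quantifiers of a JavaScript regex
// pattern body; 0 if none. A '{' after a backslash or inside [...] is skipped.
uint64_t largestQuantifierBound(const std::string& pattern) {
    uint64_t largest = 0;
    bool inClass = false;
    for (size_t i = 0; i < pattern.size(); ++i) {
        const char c = pattern[i];
        if (c == '\\') { ++i; continue; }                    // escaped char
        if (inClass) { if (c == ']') inClass = false; continue; }
        if (c == '[') { inClass = true; continue; }
        if (c != '{') continue;
        uint64_t bound = 0;
        bool sawDigit = false, valid = true;
        size_t j = i + 1;
        for (; j < pattern.size() && pattern[j] != '}'; ++j) {
            const char d = pattern[j];
            if (std::isdigit(static_cast<unsigned char>(d))) {
                sawDigit = true;
                // Saturate rather than overflow on absurdly long digit runs.
                bound = bound > (UINT64_MAX - 9) / 10 ? UINT64_MAX
                                                      : bound * 10 + (d - '0');
            } else if (d == ',') {
                if (bound > largest) largest = bound;        // lower bound n
                bound = 0;
            } else {
                valid = false;                                // literal '{'
                break;
            }
        }
        if (!valid || !sawDigit || j >= pattern.size()) continue;
        if (bound > largest) largest = bound;                 // n or m
        i = j;                                                // skip past '}'
    }
    return largest;
}

// Gate for patterns from untrusted input: true when every quantifier bound
// is at or below the limit, so the pattern may be passed to the engine.
bool quantifiersWithinLimit(const std::string& pattern, uint64_t limit = kMaxQuantifier) {
    return largestQuantifierBound(pattern) <= limit;
}
```

Run against the attached input's pattern body, the gate returns false; everyday patterns such as `^[a-z]{1,64}$` pass.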
Attachments
For Gerrit Dashboard: QTBUG-74048

# | Subject | Branch | Project | Status | CR | V
---|---|---|---|---|---|---
245301,10 | Add libfuzzer test for QJSEngine::evaluate() | dev | qt/qtdeclarative | MERGED | +2 | 0
260162,3 | Yarr: Reject quantifiers larger than 16M | 5.12 | qt/qtdeclarative | MERGED | +2 | 0