CVE-2022-29369: Fixed njs_vmcode_interpreter() when "toString" conversion fails. · nginx/njs@222d6fd
Nginx NJS v0.7.2 was discovered to contain a segmentation violation via njs_lvlhsh_bucket_find at njs_lvlhsh.c.
Fixed njs_vmcode_interpreter() when “toString” conversion fails.
Previously, while interpreting a user function, njs_vmcode_interpreter() might return prematurely when an error happens. This is not correct because the current frame has to be unwound (or exception caught) first.
The fix is to exit through only 5 appropriate exit points to ensure proper unwinding.
This closes #467 issue on GitHub.
Showing with 13 additions and 6 deletions.
- +8 −6 src/njs_vmcode.c
- +5 −0 src/test/njs_unit_test.c
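The unwinding requirement from the commit message, shown as an added toy model in C. This is not njs source and not part of the commit: `toy_interpret` and every other name are hypothetical, and the `early_return` flag switches between a premature return and a single error exit that pops frames until a handler catches.

```c
/* Toy model with hypothetical names; this is not njs source. */
enum { OP_CALL, OP_TRY, OP_TOSTRING, OP_RET };
enum { TOY_OK = 0, TOY_ERROR = -1 };
#define TOY_MAX_FRAMES 8

typedef struct { int op; int arg; } toy_insn; /* arg: catch pc (OP_TRY) or fail flag (OP_TOSTRING) */
typedef struct { int catch_pc; } toy_frame;   /* -1 when no handler is installed */
typedef struct { toy_frame frames[TOY_MAX_FRAMES]; int depth; } toy_vm;

/* early_return != 0 models the premature return described in the commit message. */
int toy_interpret(toy_vm *vm, const toy_insn *code, int n, int early_return)
{
    int base = vm->depth;                     /* frames owned by our caller */
    int pc = 0;

    while (pc < n) {
        const toy_insn *i = &code[pc++];
        switch (i->op) {
        case OP_CALL:                         /* enter a user function */
            if (vm->depth == TOY_MAX_FRAMES) goto error;
            vm->frames[vm->depth++].catch_pc = -1;
            break;
        case OP_TRY:                          /* install handler in current frame */
            if (vm->depth > base) vm->frames[vm->depth - 1].catch_pc = i->arg;
            break;
        case OP_TOSTRING:                     /* conversion that may fail */
            if (i->arg) {
                if (early_return) return TOY_ERROR; /* frames stay pushed */
                goto error;
            }
            break;
        case OP_RET:
            if (vm->depth > base) vm->depth--;
            break;
        }
        continue;
error:
        /* Single error path: pop frames until one catches or we reach base. */
        while (vm->depth > base && vm->frames[vm->depth - 1].catch_pc < 0)
            vm->depth--;
        if (vm->depth == base) return TOY_ERROR;
        pc = vm->frames[vm->depth - 1].catch_pc;    /* resume at the handler */
        vm->frames[vm->depth - 1].catch_pc = -1;
    }
    return TOY_OK;
}
```

With `early_return` set, the caller gets an error while `vm->depth` still counts the callee frames, which is the stale state a later lookup would then operate on.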