Headline
CVE-2022-30503: Fixed Array.prototype.fill() for typed-arrays. · nginx/njs@5c6130a
Nginx NJS v0.7.2 was discovered to contain a segmentation violation in the function njs_set_number at src/njs_value.h.
Permalink
Browse files
Fixed Array.prototype.fill() for typed-arrays.
This closes #478 issue on Github.
- Loading branch information
1 parent 81af263 commit 5c6130a2a0b4c41ab415f6b8992aa323636338b9
Showing 2 changed files with 3 additions and 2 deletions.
- njs_typed_array.c
- njs_unit_test.c
@@ -702,8 +702,6 @@ njs_typed_array_set_value(njs_vm_t *vm, njs_typed_array_t *array,
njs_typed_array_prop_set(vm, array, index, num);
njs_set_number(setval, num);
return NJS_OK;
}
@@ -5409,6 +5409,9 @@ static njs_unit_test_t njs_test[] =
“Array.prototype.fill.call(o, 2).a”),
njs_str(“4”) },
{ njs_str("Array.prototype.fill.call(new Int32Array(1))"),
njs_str(“0”) },
{ njs_str("ArrayBuffer()"),
njs_str(“TypeError: Constructor ArrayBuffer requires 'new’”) },
0 comments on commit 5c6130a
Please sign in to comment.