CVE-2022-28049: Fixed allocation of large array literals. · nginx/njs@f65981b
NGINX NJS 0.7.2 was discovered to contain a NULL pointer dereference via the component njs_vmcode_array at /src/njs_vmcode.c.
Fixed allocation of large array literals.
Previously, allocation of large array literals may result in a null-pointer dereference. The reason is that njs_array_alloc() may return a slow array when size is large enough, but the instruction code assumes that the array is always flat.
The fix is to check the fast_array flag before accessing array->start.
This closes issue #473 on GitHub.
Showing with 14 additions and 8 deletions.
- +10 −8 src/njs_vmcode.c
- +4 −0 src/test/njs_unit_test.c
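The failure mode behind this fix, reduced to a toy model in C. This is an added example, not njs code: toy_array_t, FAST_ARRAY_LIMIT, toy_array_alloc() and the fill_literal_* functions are assumptions that stand in for njs_array_t, njs_array_alloc() and the array-literal instruction, and the real fast/slow threshold and slow-array layout in njs are not reproduced. What it does show is the shape of the bug and of the fix: the allocator hands back a representation with start == NULL once the literal is large, the "before" writer dereferences start regardless, and the "after" writer consults the fast_array flag first and falls back to a representation-agnostic setter.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed threshold (not njs's real one): literals longer than this are
 * allocated as "slow" arrays that have no contiguous start[] buffer. */
#define FAST_ARRAY_LIMIT 1024

typedef struct {
    int       fast_array;   /* 1: elements live in start[0..length) */
    int64_t  *start;        /* NULL for slow arrays */
    uint32_t  length;
    uint32_t *slow_idx;     /* toy sparse storage used by slow arrays */
    int64_t  *slow_val;
    uint32_t  slow_count, slow_cap;
} toy_array_t;

toy_array_t *toy_array_alloc(uint32_t length)
{
    toy_array_t *a = calloc(1, sizeof(*a));
    if (a == NULL) return NULL;
    a->length = length;
    if (length <= FAST_ARRAY_LIMIT) {
        a->fast_array = 1;
        a->start = calloc(length ? length : 1, sizeof(int64_t));
        if (a->start == NULL) { free(a); return NULL; }
    }
    /* else: fast_array == 0 and start == NULL; storage grows on demand */
    return a;
}

void toy_array_free(toy_array_t *a)
{
    if (a == NULL) return;
    free(a->start); free(a->slow_idx); free(a->slow_val); free(a);
}

/* Setter that is correct for both representations. */
int toy_array_set(toy_array_t *a, uint32_t i, int64_t v)
{
    if (i >= a->length) return -1;
    if (a->fast_array) { a->start[i] = v; return 0; }
    for (uint32_t k = 0; k < a->slow_count; k++)
        if (a->slow_idx[k] == i) { a->slow_val[k] = v; return 0; }
    if (a->slow_count == a->slow_cap) {
        uint32_t cap = a->slow_cap ? a->slow_cap * 2 : 16;
        uint32_t *ni = realloc(a->slow_idx, cap * sizeof(*ni));
        if (ni == NULL) return -1;
        a->slow_idx = ni;
        int64_t *nv = realloc(a->slow_val, cap * sizeof(*nv));
        if (nv == NULL) return -1;
        a->slow_val = nv;
        a->slow_cap = cap;
    }
    a->slow_idx[a->slow_count] = i;
    a->slow_val[a->slow_count] = v;
    a->slow_count++;
    return 0;
}

int toy_array_get(const toy_array_t *a, uint32_t i, int64_t *out)
{
    if (i >= a->length) return -1;
    if (a->fast_array) { *out = a->start[i]; return 0; }
    for (uint32_t k = 0; k < a->slow_count; k++)
        if (a->slow_idx[k] == i) { *out = a->slow_val[k]; return 0; }
    *out = 0;   /* hole: never written */
    return 0;
}

/* BEFORE (the bug the commit describes): assumes every array is flat. For a
 * slow array start is NULL, so the first store dereferences NULL. Only safe
 * on arrays with fast_array == 1. */
void fill_literal_unchecked(toy_array_t *a, const int64_t *vals, uint32_t n)
{
    for (uint32_t i = 0; i < n; i++)
        a->start[i] = vals[i];
}

/* AFTER: check fast_array before touching start, otherwise take the
 * representation-agnostic path. */
int fill_literal_checked(toy_array_t *a, const int64_t *vals, uint32_t n)
{
    if (n > a->length) return -1;
    if (a->fast_array) {
        memcpy(a->start, vals, (size_t) n * sizeof(int64_t));
        return 0;
    }
    for (uint32_t i = 0; i < n; i++)
        if (toy_array_set(a, i, vals[i]) != 0) return -1;
    return 0;
}

/* Allocates an n-element literal, fills it through the checked path and reads
 * it back. Returns 1 if the slow path was taken, 0 for the fast path, -1 on error. */
int literal_roundtrip(uint32_t n)
{
    int64_t *vals = malloc((size_t) n * sizeof(int64_t));
    toy_array_t *a = toy_array_alloc(n);
    int rc = -1;
    if (vals == NULL || a == NULL) goto out;
    for (uint32_t i = 0; i < n; i++) vals[i] = (int64_t) i * 3;
    if (fill_literal_checked(a, vals, n) != 0) goto out;
    for (uint32_t i = 0; i < n; i++) {
        int64_t v;
        if (toy_array_get(a, i, &v) != 0 || v != vals[i]) goto out;
    }
    rc = a->fast_array ? 0 : 1;
out:
    free(vals);
    toy_array_free(a);
    return rc;
}

int main(void)
{
    printf("small literal: %d (0 = fast path)\n", literal_roundtrip(8));
    printf("large literal: %d (1 = slow path, start was NULL)\n",
           literal_roundtrip(FAST_ARRAY_LIMIT + 1));
    return 0;
}
```

The point to carry over to a real code base: a flag such as fast_array that selects between two memory layouts is a precondition for every access to the layout-specific field, and the allocator choosing the layout from an attacker-influenced size (here the literal length) is what turns the missing check into a reachable crash.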