CVE-2021-33796: Fix use-after-free in regexp source property access. · ccxvii/mujs@7ef066a
In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.
Fix use-after-free in regexp source property access.
The underlying string of the “source” property of a regular expression object can be freed if the regexp is garbage collected.
This could lead to a use-after-free, because the accessor incorrectly assumed that the regexp source was an interned (thus never freed) string. Fix this by calling js_pushstring instead of the faster but unsafe js_pushliteral.
Many thanks to Connor Nelson for spotting this!
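The lifetime problem described in the commit message, modelled as an added example that is not part of the commit or of MuJS's code: a borrowing push keeps the caller's pointer, while a copying push stays valid after the owning object is freed. All `toy_*` names and the sample pattern are hypothetical stand-ins.

```c
#include <stdlib.h>
#include <string.h>

/* Toy model with hypothetical names; not MuJS code. */
typedef struct { const char *str; } toy_slot;   /* value-stack slot */
typedef struct { char *source; } toy_regexp;    /* heap-allocated source */

/* Heap copy of s, or NULL on allocation failure. */
static char *toy_dup(const char *s) {
    size_t n = strlen(s) + 1;
    char *copy = malloc(n);
    if (copy) memcpy(copy, s, n);
    return copy;
}
/* Borrowing push: safe only if s is never freed (an interned string). */
static toy_slot toy_push_literal(const char *s) { toy_slot v = { s }; return v; }
/* Copying push: the slot owns its bytes, independent of the caller's buffer. */
static toy_slot toy_push_string(const char *s) { toy_slot v = { toy_dup(s) }; return v; }

static toy_regexp *toy_regexp_new(const char *src) {
    toy_regexp *re = malloc(sizeof *re);
    if (re && !(re->source = toy_dup(src))) { free(re); re = NULL; }
    return re;
}

/* Stand-in for the garbage collector reclaiming the regexp. */
static void toy_regexp_collect(toy_regexp *re) { free(re->source); free(re); }

/* Returns 1 if the borrowed slot aliases the regexp's buffer (it would dangle). */
int literal_aliases_source(void) {
    toy_regexp *re = toy_regexp_new("a+b");     /* constructed sample pattern */
    if (!re) return -1;
    int aliased = (toy_push_literal(re->source).str == re->source);
    toy_regexp_collect(re);                     /* the slot is unusable from here */
    return aliased;
}

/* Returns 1 if the copied slot still reads correctly after collection. */
int copy_survives_collection(void) {
    toy_regexp *re = toy_regexp_new("a+b");
    if (!re) return -1;
    toy_slot v = toy_push_string(re->source);
    toy_regexp_collect(re);
    int ok = (v.str != NULL && strcmp(v.str, "a+b") == 0);
    free((void *)v.str);
    return ok;
}

int main(void) { return !(literal_aliases_source() == 1 && copy_survives_collection() == 1); }
```

Building this with AddressSanitizer (`-fsanitize=address`) stays clean, because the borrowed slot is never read after collection.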