shithub: libmujs

ref: e082e6e61c251b9dd4b3c58e58bd63b4122cbb85
parent: fe71080c59b400c8d9020c4eeb1065e8b1ae9508
author: Tor Andersson <[email protected]>
date: Mon Jan 20 07:18:53 EST 2020

Check for leading zero in js_isarrayindex that caused false positives.

We're supposed to check whether a string turned into an integer and back
is itself, while also returning the value of the integer. We were
unintentionally allowing integers with leading zero through.

--- a/jsrun.c
+++ b/jsrun.c
@@ -444,6 +444,11 @@
 int js_isarrayindex(js_State *J, const char *p, int *idx)
 {
 	int n = 0;
+
+	/* check for '0' and integers with leading zero */
+	if (p[0] == '0')
+		return (p[1] == 0) ? *idx = 0, 1 : 0;
+
 	while (*p) {
 		int c = *p++;
 		if (c >= '0' && c <= '9') {
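
Review bot: The added `return (p[1] == 0) ? *idx = 0, 1 : 0;` hides an assignment and a comma operator inside the middle operand of a conditional, so the reader has to work out the parse to see that `*idx` is written only when the string is exactly "0". It parses as intended, but for a check that gates array-index handling an explicit form is easier to audit: `if (p[1] == 0) { *idx = 0; return 1; }` followed by `return 0;`. The comment could also state the two outcomes directly: "0" is accepted with index 0, and any longer string starting with '0' is rejected without touching `*idx`.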