lexborisov/github154.patch

## github154.patch
# HG changeset patch
# User Alexander Borisov <alexander.borisov@nginx.com>
# Date 1557327873 -10800
#      Wed May 08 18:04:33 2019 +0300
# Node ID 71ef7906935642e6323cbf03fbf9e225f46884e1
# Parent  31caf5d422b907ccc38f471ff98872cc5363a713
Fixed segfault in String.prototype.replace() with special chars.

Special chars in replace string, like a 'o'.replace('o\0').

This closes #154 issue on GitHub.

diff -r 31caf5d422b9 -r 71ef79069356 njs/njs_string.c
--- a/njs/njs_string.c	Wed May 08 17:05:05 2019 +0300
+++ b/njs/njs_string.c	Wed May 08 18:04:33 2019 +0300
@@ -3258,8 +3258,9 @@ njs_string_replace_search(njs_vm_t *vm,
     end = (p + r->part[0].size) - (search.length - 1);

     do {
-        if (memcmp(p, search.start, search.length) == 0) {
-
+        if ((size_t) (end - p) >= search.length
+            && memcmp(p, search.start, search.length) == 0)
+        {
             if (r->substitutions != NULL) {
                 captures[0] = p - r->part[0].start;
                 captures[1] = captures[0] + search.length;
diff -r 31caf5d422b9 -r 71ef79069356 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c	Wed May 08 17:05:05 2019 +0300
+++ b/njs/test/njs_unit_test.c	Wed May 08 18:04:33 2019 +0300
@@ -5416,6 +5416,9 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("''.replace(/a*/g, '')"),
       nxt_string("") },

+    { nxt_string("'o'.replace('a\\0')"),
+      nxt_string("o") },
+
     { nxt_string("'abc'.match(/a*/g)"),
       nxt_string("a,,,") },
	# HG changeset patch
	# User Alexander Borisov <alexander.borisov@nginx.com>
	# Date 1557327873 -10800
	# Wed May 08 18:04:33 2019 +0300
	# Node ID 71ef7906935642e6323cbf03fbf9e225f46884e1
	# Parent 31caf5d422b907ccc38f471ff98872cc5363a713
	Fixed segfault in String.prototype.replace() with special chars.

	Special chars in replace string, like a 'o'.replace('o\0').

	This closes #154 issue on GitHub.

	diff -r 31caf5d422b9 -r 71ef79069356 njs/njs_string.c
	--- a/njs/njs_string.c Wed May 08 17:05:05 2019 +0300
	+++ b/njs/njs_string.c Wed May 08 18:04:33 2019 +0300
	@@ -3258,8 +3258,9 @@ njs_string_replace_search(njs_vm_t *vm,
	end = (p + r->part[0].size) - (search.length - 1);

	do {
	- if (memcmp(p, search.start, search.length) == 0) {
	-
	+ if ((size_t) (end - p) >= search.length
	+ && memcmp(p, search.start, search.length) == 0)
	+ {
	if (r->substitutions != NULL) {
	captures[0] = p - r->part[0].start;
	captures[1] = captures[0] + search.length;
	diff -r 31caf5d422b9 -r 71ef79069356 njs/test/njs_unit_test.c
	--- a/njs/test/njs_unit_test.c Wed May 08 17:05:05 2019 +0300
	+++ b/njs/test/njs_unit_test.c Wed May 08 18:04:33 2019 +0300
	@@ -5416,6 +5416,9 @@ static njs_unit_test_t njs_test[] =
	{ nxt_string("''.replace(/a*/g, '')"),
	nxt_string("") },

	+ { nxt_string("'o'.replace('a\\0')"),
	+ nxt_string("o") },
	+
	{ nxt_string("'abc'.match(/a*/g)"),
	nxt_string("a,,,") },