micromatch / braces

Faster brace expansion for node.js. Besides being faster, braces is not subject to DoS attacks like minimatch, is more accurate, and has more complete support for Bash 4.3.
https://github.com/jonschlinkert
MIT License

Fix Option for CVE-2024-4068: Memory Exhaustion in Braces #38

Closed BlueTux611 closed 1 month ago

BlueTux611 commented 1 month ago

Proposing as a possible solution if it fits.

Issue Description: "braces" fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In "lib/parse.js," if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating heap memory without freeing it at any moment of the loop. Eventually, the JavaScript heap limit is reached, and the program will crash.

To address this issue, I added a check for imbalanced braces after the maxLength check. When tested, it no longer leads to "JavaScript heap out of memory" and will instead throw a syntax error when imbalanced braces are used, similar to when input is above the max length.
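A sketch of the kind of pre-parse guard described above: a length check followed by a single-pass brace-balance check that throws a syntax error before any parsing starts. This is an added example, not the code from this PR or from braces itself; the names `checkBraceInput` and `isSafeBraceInput`, the 10000-character default, and the backslash-escape handling are assumptions.

```javascript
// Assumed default for this sketch; a real integration would use the
// library's own maxLength option instead of this constant.
const MAX_LENGTH = 10000;

// Pre-parse guard: returns the number of matched brace pairs, or throws
// SyntaxError when the input is too long or its braces do not pair up.
// One linear pass, constant extra memory, nothing allocated per brace.
function checkBraceInput(input, options = {}) {
  if (typeof input !== 'string') {
    throw new TypeError('Expected a string');
  }
  const max = typeof options.maxLength === 'number' ? options.maxLength : MAX_LENGTH;
  if (input.length > max) {
    throw new SyntaxError(`Input length (${input.length}) exceeds max characters (${max})`);
  }

  let depth = 0;
  let pairs = 0;
  for (let i = 0; i < input.length; i++) {
    const ch = input[i];
    if (ch === '\\') { i++; continue; } // skip the escaped character (assumption)
    if (ch === '{') {
      depth++;
    } else if (ch === '}') {
      if (depth === 0) throw new SyntaxError(`Unmatched "}" at index ${i}`);
      depth--;
      pairs++;
    }
  }
  if (depth !== 0) throw new SyntaxError(`${depth} unclosed "{" in input`);
  return pairs;
}

// Boolean wrapper for callers that prefer not to catch exceptions.
function isSafeBraceInput(input, options) {
  try {
    checkBraceInput(input, options);
    return true;
  } catch (err) {
    if (err instanceof SyntaxError) return false;
    throw err;
  }
}

// Constructed sample inputs: balanced, nested, many unclosed, reversed, escaped.
for (const s of ['a/{b,c}/d', '{a,{b,c}}', '{'.repeat(5000), 'a}b{', '\\{literal']) {
  console.log(JSON.stringify(s.slice(0, 20)), isSafeBraceInput(s));
}
```

Running the guard before the parser means a rejected input costs one scan of at most `maxLength` characters, regardless of how the parser would have handled it.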

lroal commented 1 month ago

Yes, hope this gets published soon.

NitishGameChanges commented 1 month ago

When will this PR get merged?

paulmillr commented 1 month ago

It needs tests.

quiquetubi commented 1 month ago

Was there a reason why this PR was closed instead of merged? I see tests weren't added either.

paulmillr commented 1 month ago

@quiquetubi no particular reason. I was not in the mood to keep it open.