From b1acd426ece4f6b8c941e3ced387c158c9c22be1 Mon Sep 17 00:00:00 2001 From: Sakthipriyan Vairamani Date: Thu, 9 Jul 2015 03:23:48 +0530 Subject: [PATCH] repl: preventing recursive eval of RegEx predefined properties Fixes: https://github.com/nodejs/io.js/issues/597 In REPL, if we evaluate the `RegExp` object's predefined properties, and if they happen to have the same expression, for example, > RegExp.$1 'RegExp.$1' then doing `eval(RegExp.$1)` would evluated `RegExp.$1` recursively and eventually throw `RangeError: Maximum call stack size exceeded`. This patch stores the old values of `RegExp`'s predefined proprties and restores them just before the current expression entered by user is evaluated. --- lib/repl.js | 16 ++++++++++++++++ test/parallel/test-repl.js | 10 ++++++++++ 2 files changed, 26 insertions(+) diff --git a/lib/repl.js b/lib/repl.js index 1d78a001953bf6..366b2b7b0a7c60 100644 --- a/lib/repl.js +++ b/lib/repl.js @@ -115,6 +115,12 @@ function REPLServer(prompt, // just for backwards compat, see github.com/joyent/node/pull/7127 self.rli = this; + const savedRegExMatches = ['', '', '', '', '', '', '', '', '', '']; + const sep = '\u0000\u0000\u0000'; + const regExMatcher = new RegExp(`^${sep}(.*)${sep}(.*)${sep}(.*)${sep}(.*)` + + `${sep}(.*)${sep}(.*)${sep}(.*)${sep}(.*)` + + `${sep}(.*)$`); + eval_ = eval_ || defaultEval; function defaultEval(code, context, file, cb) { @@ -148,6 +154,10 @@ function REPLServer(prompt, break; } + // This will set the values from `savedRegExMatches` to corresponding + // predefined RegExp properties `RegExp.$1`, `RegExp.$2` ... `RegExp.$9` + regExMatcher.test(savedRegExMatches.join(sep)); + if (!err) { try { if (self.useGlobal) { @@ -166,6 +176,12 @@ function REPLServer(prompt, } } + // After executing the current expression, store the values of RegExp + // predefined properties back in `savedRegExMatches` + for (let idx = 1; idx < savedRegExMatches.length; idx += 1) { + savedRegExMatches[idx] = RegExp[`$${idx}`]; + } + cb(err, result); } diff --git a/test/parallel/test-repl.js b/test/parallel/test-repl.js index 5829b4a52854c7..021781439acd91 100644 --- a/test/parallel/test-repl.js +++ b/test/parallel/test-repl.js @@ -232,6 +232,16 @@ function error_test() { { client: client_unix, send: '\'the\\\n\\\nfourtheye\'\n', expect: prompt_multiline + prompt_multiline + '\'thefourtheye\'\n' + prompt_unix }, + // Regression test for https://github.com/nodejs/io.js/issues/597 + { client: client_unix, + send: '/(.)(.)(.)(.)(.)(.)(.)(.)(.)/.test(\'123456789\')\n', + expect: `true\n${prompt_unix}` }, + // the following test's result depends on the RegEx's match from the above + { client: client_unix, + send: 'RegExp.$1\nRegExp.$2\nRegExp.$3\nRegExp.$4\nRegExp.$5\n' + + 'RegExp.$6\nRegExp.$7\nRegExp.$8\nRegExp.$9\n', + expect: ['\'1\'\n', '\'2\'\n', '\'3\'\n', '\'4\'\n', '\'5\'\n', '\'6\'\n', + '\'7\'\n', '\'8\'\n', '\'9\'\n'].join(`${prompt_unix}`) }, ]); }