This closes issue #159 on GitHub.
nxt_noinline u_char *
-njs_string_alloc(njs_vm_t *vm, njs_value_t *value, uint32_t size,
- uint32_t length)
+njs_string_alloc(njs_vm_t *vm, njs_value_t *value, uint64_t size,
+ uint64_t length)
{
uint32_t total, map_offset, *map;
njs_string_t *string;
+ if (nxt_slow_path(size > NJS_STRING_MAX_LENGTH)) {
+ njs_range_error(vm, "invalid string length");
+ return NULL;
+ }
+
value->type = NJS_STRING;
njs_string_truth(value, size);
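Review bot: The new guard bounds only `size`; `length` is now `uint64_t` as well but passes through unchecked, while the locals `total` and `map_offset` stay `uint32_t`. That is safe only if NJS_STRING_MAX_LENGTH fits in 32 bits and callers never pass a `length` larger than `size`, and neither is visible in this hunk. I would either extend the condition to `if (nxt_slow_path(size > NJS_STRING_MAX_LENGTH || length > size)) {` or record the invariant above the check, e.g. `/* size is bounded here; length is assumed <= size, so the uint32_t arithmetic below cannot wrap */`. The function body continues outside the hunk.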
njs_index_t unused)
{
u_char *p, *start;
- size_t size, length, mask;
+ uint64_t size, length, mask;
nxt_uint_t i;
njs_string_prop_t string;
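Review bot: The widened `size, length, mask` declaration carries no explanation, and on 64-bit builds `size_t` was already 64 bits wide, so a later reader may take the change for noise and revert it. A one-line comment such as `/* 64-bit so the accumulated size cannot wrap before njs_string_alloc() range-checks it */` would record the intent. `mask` presumably only needs to match the width of `length`, but this cannot be confirmed here because the function starts and ends outside the hunk.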
njs_ret_t njs_string_set(njs_vm_t *vm, njs_value_t *value, const u_char *start,
uint32_t size);
-u_char *njs_string_alloc(njs_vm_t *vm, njs_value_t *value, uint32_t size,
- uint32_t length);
+u_char *njs_string_alloc(njs_vm_t *vm, njs_value_t *value, uint64_t size,
+ uint64_t length);
njs_ret_t njs_string_new(njs_vm_t *vm, njs_value_t *value, const u_char *start,
uint32_t size, uint32_t length);
njs_ret_t njs_string_hex(njs_vm_t *vm, njs_value_t *value,
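Review bot: `njs_string_set()` and `njs_string_new()` still declare `uint32_t size` (and `uint32_t length`) right next to the widened prototype, so a caller holding a larger total has it silently truncated at the call boundary. If these functions forward to njs_string_alloc(), which is not visible here, the new range check would see the wrapped value rather than the real one. Consider widening them the same way, e.g. `uint64_t size, uint64_t length);` for njs_string_new(), or auditing their callers to confirm that every size is bounded before the call.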
{ nxt_string("'A'.repeat(16).toBytes() === 'A'.repeat(16)"),
nxt_string("true") },
+ { nxt_string("var s = 'x'.repeat(2**10).repeat(2**14);"
+ "var a = Array(200).fill(s);"
+ "String.prototype.concat.apply(s, a.slice(1))"),
+ nxt_string("RangeError: invalid string length") },
+
{ nxt_string("var a = 'abcdefgh'; a.substr(3, 15)"),
nxt_string("defgh") },
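Review bot: The added case totals 200 × 2^24 bytes, which is below 2^32, so it exercises the NJS_STRING_MAX_LENGTH comparison but not the 32-bit wrap-around that the `uint64_t` widening is there to prevent. A second case whose total exceeds 2^32, for example the same script with `"var a = Array(300).fill(s);"`, would fail on a build where the sum is still accumulated in 32 bits. Only `String.prototype.concat` is covered; other paths that reach njs_string_alloc() with a computed size are not tested by this hunk.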