ref: e082e6e61c251b9dd4b3c58e58bd63b4122cbb85
parent: fe71080c59b400c8d9020c4eeb1065e8b1ae9508
author: Tor Andersson <tor.andersson@artifex.com>
date: Mon Jan 20 07:18:53 EST 2020
Check for leading zero in js_isarrayindex that caused false positives. We're supposed to check whether a string turned into an integer and back is itself, while also returning the value of the integer. We were unintentionally allowing integers with leading zero through.
--- a/jsrun.c
+++ b/jsrun.c
@@ -444,6 +444,11 @@
int js_isarrayindex(js_State *J, const char *p, int *idx)
{
int n = 0;
+
+ /* check for '0' and integers with leading zero */
+ if (p[0] == '0')
+ return (p[1] == 0) ? *idx = 0, 1 : 0;
+
while (*p) {
int c = *p++;
if (c >= '0' && c <= '9') {
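Review bot: The empty string is not covered by the new guard at the top of js_isarrayindex: with `p[0] == 0` the added `'0'` test is skipped and `while (*p)` never runs, so `n` stays 0. If the code after the loop (outside this hunk) reports success with `*idx = n`, `""` would still be accepted as index 0, the same kind of false positive this commit targets; consider adding `if (p[0] == 0) return 0;` ahead of the leading-zero check. The return `(p[1] == 0) ? *idx = 0, 1 : 0` also leans on a comma expression inside the conditional, and splitting it into `if (p[1] != 0) return 0;` followed by `*idx = 0; return 1;` reads more plainly. The function body continues past the last line of the hunk, so how the accumulation into `n` is bounded against overflow cannot be checked from here.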