[Pkg-javascript-commits] [uglifyjs] 58/190: Prevent ReDoS by not using a regexp to verify floating point numbers

Antonio Terceiro terceiro at moszumanska.debian.org
Sun Aug 7 23:17:13 UTC 2016


This is an automated email from the git hooks/post-receive script.

terceiro pushed a commit to annotated tag upstream/2.7.0
in repository uglifyjs.

commit 63d35f8f6db6d90d6142132d2d5f0bd5d3d698aa
Author: Richard van Velzen <rvanvelzen at experty.com>
Date:   Mon Nov 9 11:28:27 2015 +0100

    Prevent ReDoS by not using a regexp to verify floating point numbers
    
    `parseFloat` will return `NaN` for invalid numbers anyway, which is the check used to throw the parse error.
    
    Fixes #857
---
 lib/parse.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/parse.js b/lib/parse.js
index 1ab0358..4c548a2 100644
--- a/lib/parse.js
+++ b/lib/parse.js
@@ -59,7 +59,6 @@ var OPERATOR_CHARS = makePredicate(characters("+-*&%=<>!?|~^"));
 
 var RE_HEX_NUMBER = /^0x[0-9a-f]+$/i;
 var RE_OCT_NUMBER = /^0[0-7]+$/;
-var RE_DEC_NUMBER = /^\d*\.?\d*(?:e[+-]?\d*(?:\d\.?|\.?\d)\d*)?$/i;
 
 var OPERATORS = makePredicate([
     "in",
@@ -182,7 +181,7 @@ function parse_js_number(num) {
         return parseInt(num.substr(2), 16);
     } else if (RE_OCT_NUMBER.test(num)) {
         return parseInt(num.substr(1), 8);
-    } else if (RE_DEC_NUMBER.test(num)) {
+    } else {
         return parseFloat(num);
     }
 };
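Review bot: The plain `else` fallback at the `return parseFloat(num)` line is more permissive than the regex it replaces, because parseFloat parses a leading numeric prefix and silently drops whatever follows: `parseFloat("1e")` is 1 and `parseFloat("1.2.3")` is 1.2, not NaN, so a caller that rejects only on NaN (as the commit message says the parse-error check does) no longer rejects those shapes. Whether the tokenizer can hand such strings to parse_js_number is not visible in this hunk, so this may or may not be reachable. If it is, `return Number(num);` keeps the ReDoS fix while evaluating the whole string (`Number("1e")` and `Number("1.2.3")` are NaN), at the cost of also accepting surrounding whitespace and the empty string, which the tokenizer presumably never produces. parse_js_number's signature and its hex branch lie above the hunk.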



