Add input validation to 'jerry_parse' and 'jerry_parse_and_save_snapshot'

Fixes #1549

JerryScript-DCO-1.0-Signed-off-by: László Langó [email protected]

Author: LaszloLango

jerry-core/jerry-snapshot.c

@@ -458,6 +458,11 @@ jerry_parse_and_save_snapshot (const jerry_char_t *source_p, /**< script source
                                size_t buffer_size) /**< the buffer's size */
 {
 #ifdef JERRY_ENABLE_SNAPSHOT_SAVE
+  if (!lit_is_utf8_string_valid ((lit_utf8_byte_t *) source_p, (lit_utf8_size_t) source_size))
+  {
+    return 0;
+  }
+
   snapshot_globals_t globals;
   ecma_value_t parse_status;
   ecma_compiled_code_t *bytecode_data_p;

jerry-core/jerry.c

@@ -256,6 +256,11 @@ jerry_parse (const jerry_char_t *source_p, /**< script source */
 #ifdef JERRY_JS_PARSER
   jerry_assert_api_available ();
 
+  if (!lit_is_utf8_string_valid ((lit_utf8_byte_t *) source_p, (lit_utf8_size_t) source_size))
+  {
+    return ecma_raise_syntax_error (ECMA_ERR_MSG ("Input must be a valid UTF-8 string."));
+  }
+
   ecma_compiled_code_t *bytecode_data_p;
   ecma_value_t parse_status;
 

tests/jerry/fail/1/regression-test-issue-1549.js

@@ -0,0 +1,15 @@
+// Copyright JS Foundation and other contributors, http://js.foundation
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+va'Ôc=