From 5541631336af0ba757888fc16a919ddaa0f38f12 Mon Sep 17 00:00:00 2001
From: Dmitry Volyntsev
Date: Mon, 8 Jan 2024 16:40:42 -0800
Subject: [PATCH] Fixed RegExp.prototype.exec() when second argument is absent. Previously, when the second argument is undefined, NaN is casted to unsigned which is undefined behavior. Found by UndefinedBehaviorSanitizer.
---
 src/njs_regexp.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/njs_regexp.c b/src/njs_regexp.c
index e61bf54c..d4706cc0 100644
--- a/src/njs_regexp.c
+++ b/src/njs_regexp.c
@@ -1235,6 +1235,7 @@ njs_int_t
 njs_regexp_prototype_exec(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 njs_index_t unused, njs_value_t *retval)
 {
+ unsigned flags;
 njs_int_t ret;
 njs_value_t *r, *s;
 njs_value_t string_lvalue;
@@ -1253,8 +1254,14 @@ njs_regexp_prototype_exec(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs,
 return ret;
 }
- return njs_regexp_builtin_exec(vm, r, s,
- njs_number(njs_arg(args, nargs, 2)), retval);
+ if (nargs > 2) {
+ flags = njs_number(njs_arg(args, nargs, 2));
+
+ } else {
+ flags = 0;
+ }
+
+ return njs_regexp_builtin_exec(vm, r, s, flags, retval);
 }
--
2.47.3
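Review bot: The conversion at `flags = njs_number(njs_arg(args, nargs, 2));` in the second hunk can still receive a value that does not fit in `unsigned`, because the new `nargs > 2` guard only covers the case where the argument is absent. An argument passed explicitly as `undefined` or `NaN`, a negative number, or one above `UINT_MAX` would presumably go through the same double-to-unsigned conversion that the sanitizer reported. If this function can be reached from script with arbitrary arguments, the guard should also test the type and range before converting, for example `if (nargs > 2 && njs_is_number(&args[2]))` followed by a bounds check that falls back to `0`. A short comment saying which callers pass the third argument and which flag values are valid would also help, since neither is visible here. The function body begins above this hunk.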