mirror of
https://github.com/bellard/quickjs.git
synced 2026-03-31 12:18:01 +00:00
added basic protection against too large function in serialized bytecode
Some checks failed
ci / Linux (Ubuntu) (push) Has been cancelled
ci / Linux LTO (push) Has been cancelled
ci / Linux 32bit (push) Has been cancelled
ci / linux-asan (push) Has been cancelled
ci / linux-msan (push) Has been cancelled
ci / linux-ubsan (push) Has been cancelled
ci / macOS (push) Has been cancelled
ci / macos-asan (push) Has been cancelled
ci / macos-ubsan (push) Has been cancelled
ci / freebsd (push) Has been cancelled
ci / Cosmopolitan (push) Has been cancelled
ci / MinGW Windows target (push) Has been cancelled
ci / Windows MSYS2 (push) Has been cancelled
ci / qemu-alpine (linux/386) (push) Has been cancelled
ci / qemu-alpine (linux/arm/v6) (push) Has been cancelled
ci / qemu-alpine (linux/arm/v7) (push) Has been cancelled
ci / qemu-alpine (linux/arm64) (push) Has been cancelled
ci / qemu-alpine (linux/ppc64le) (push) Has been cancelled
ci / qemu-alpine (linux/riscv64) (push) Has been cancelled
ci / qemu-alpine (linux/s390x) (push) Has been cancelled
Some checks failed
ci / Linux (Ubuntu) (push) Has been cancelled
ci / Linux LTO (push) Has been cancelled
ci / Linux 32bit (push) Has been cancelled
ci / linux-asan (push) Has been cancelled
ci / linux-msan (push) Has been cancelled
ci / linux-ubsan (push) Has been cancelled
ci / macOS (push) Has been cancelled
ci / macos-asan (push) Has been cancelled
ci / macos-ubsan (push) Has been cancelled
ci / freebsd (push) Has been cancelled
ci / Cosmopolitan (push) Has been cancelled
ci / MinGW Windows target (push) Has been cancelled
ci / Windows MSYS2 (push) Has been cancelled
ci / qemu-alpine (linux/386) (push) Has been cancelled
ci / qemu-alpine (linux/arm/v6) (push) Has been cancelled
ci / qemu-alpine (linux/arm/v7) (push) Has been cancelled
ci / qemu-alpine (linux/arm64) (push) Has been cancelled
ci / qemu-alpine (linux/ppc64le) (push) Has been cancelled
ci / qemu-alpine (linux/riscv64) (push) Has been cancelled
ci / qemu-alpine (linux/s390x) (push) Has been cancelled
This commit is contained in:
Fabrice Bellard
parent
5022f2b76a
commit
a31dcef98c
14
quickjs.c
14
quickjs.c
@ -38163,9 +38163,10 @@ static JSValue JS_ReadFunctionTag(BCReaderState *s)
|
||||
uint16_t v16;
|
||||
uint8_t v8;
|
||||
int idx, i, local_count;
|
||||
int function_size, cpool_offset, byte_code_offset;
|
||||
int cpool_offset, byte_code_offset;
|
||||
int closure_var_offset, vardefs_offset;
|
||||
|
||||
uint64_t function_size;
|
||||
|
||||
memset(&bc, 0, sizeof(bc));
|
||||
bc.header.ref_count = 1;
|
||||
//bc.gc_header.mark = 0;
|
||||
@ -38215,16 +38216,19 @@ static JSValue JS_ReadFunctionTag(BCReaderState *s)
|
||||
function_size = offsetof(JSFunctionBytecode, debug);
|
||||
}
|
||||
cpool_offset = function_size;
|
||||
function_size += bc.cpool_count * sizeof(*bc.cpool);
|
||||
function_size += (uint64_t)bc.cpool_count * sizeof(*bc.cpool);
|
||||
vardefs_offset = function_size;
|
||||
function_size += local_count * sizeof(*bc.vardefs);
|
||||
function_size += (uint64_t)local_count * sizeof(*bc.vardefs);
|
||||
closure_var_offset = function_size;
|
||||
function_size += bc.closure_var_count * sizeof(*bc.closure_var);
|
||||
function_size += (uint64_t)bc.closure_var_count * sizeof(*bc.closure_var);
|
||||
byte_code_offset = function_size;
|
||||
if (!bc.read_only_bytecode) {
|
||||
function_size += bc.byte_code_len;
|
||||
}
|
||||
|
||||
if (function_size > INT32_MAX)
|
||||
return JS_ThrowOutOfMemory(ctx);
|
||||
|
||||
b = js_mallocz(ctx, function_size);
|
||||
if (!b)
|
||||
return JS_EXCEPTION;
|
||||
|
||||
Loading…
Reference in New Issue
Block a user