Inicio Explorar Ayuda
Iniciar sesión
SunnyMirror
/
ChakraCore
espejo de https://github.com/microsoft/ChakraCore.git
2
0
Fork 0
Archivos Incidencias 0 Wiki
Explorar el Código

make security checks when flattening buffer, always discard metadata after flattening

Michael Holman hace 8 años
padre
8006165010
commit
bc1d349641
Se han modificado 3 ficheros con 9 adiciones y 11 borrados
Dividir vista Mostrar estadísticas de diff
  1. 5 4
      lib/Runtime/Library/JSONStringBuilder.cpp
  2. 1 2
      lib/Runtime/Library/JSONStringBuilder.h
  3. 3 5
      lib/Runtime/Library/LazyJSONString.cpp

+ 5 - 4
lib/Runtime/Library/JSONStringBuilder.cpp
Ver fichero 

@@ -11,6 +11,7 @@ namespace Js
 
 void
 
 JSONStringBuilder::AppendCharacter(char16 character)
 
 {
 
+    AssertOrFailFast(this->currentLocation < endLocation);
 
     *this->currentLocation = character;
 
     ++this->currentLocation;
 
 }
 
@@ -18,6 +19,7 @@ JSONStringBuilder::AppendCharacter(char16 character)
 
 void
 
 JSONStringBuilder::AppendBuffer(_In_ const char16* buffer, charcount_t length)
 
 {
 
+    AssertOrFailFast(this->currentLocation + length <= endLocation);
 
     wmemcpy_s(this->currentLocation, length, buffer, length);
 
     this->currentLocation += length;
 
 }
 
@@ -262,8 +264,8 @@ JSONStringBuilder::Build()
 
 {
 
     this->AppendJSONPropertyString(this->jsonContent);
 
     // Null terminate the string
 
+    AssertOrFailFast(this->currentLocation == endLocation);
 
     *this->currentLocation = _u('\0');
 
-    Assert(this->currentLocation == buffer + bufferLength - 1);
 
 }
 
 
 JSONStringBuilder::JSONStringBuilder(
 
@@ -274,13 +276,12 @@ JSONStringBuilder::JSONStringBuilder(
 
     _In_opt_ const char16* gap,
 
     charcount_t gapLength) :
 
         scriptContext(scriptContext),
 
-        buffer(buffer),
 
+        endLocation(buffer + bufferLength - 1),
 
         currentLocation(buffer),
 
         jsonContent(jsonContent),
 
         gap(gap),
 
         gapLength(gapLength),
 
-        indentLevel(0),
 
-        bufferLength(bufferLength)
 
+        indentLevel(0)
 
 {
 
 }

+ 1 - 2
lib/Runtime/Library/JSONStringBuilder.h
Ver fichero 

@@ -12,13 +12,12 @@ class JSONStringBuilder
 
 {
 
 private:
 
     ScriptContext* scriptContext;
 
-    char16* buffer;
 
+    const char16* endLocation;
 
     char16* currentLocation;
 
     JSONProperty* jsonContent;
 
     const char16* gap;
 
     charcount_t gapLength;
 
     uint32 indentLevel;
 
-    charcount_t bufferLength;
 
 
     void AppendGap(uint32 count);
 
     void AppendCharacter(char16 character);

+ 3 - 5
lib/Runtime/Library/LazyJSONString.cpp
Ver fichero 

@@ -159,11 +159,9 @@ LazyJSONString::GetSz()
 
 
     this->SetBuffer(target);
 
 
-    if (this->HasComplexGap())
 
-    {
 
-        // If we have a complex gap, there is no reason to keep content around after flattening
 
-        this->jsonContent = nullptr;
 
-    }
 
+    // You probably aren't going to parse if you are using the string buffer
 
+    // Let's throw away the metadata so we can reclaim the memory
 
+    this->jsonContent = nullptr;
 
 
     return target;
 
 }