[njs] Fixed stack-use-after-scope in Array.prototype.map().

Alexander Borisov
September 17, 2019 04:32AM
details: https://hg.nginx.org/njs/rev/1293f464dcc7
branches:
changeset: 1161:1293f464dcc7
user: Alexander Borisov <alexander.borisov@nginx.com>
date: Tue Sep 17 11:29:10 2019 +0300
description:
Fixed stack-use-after-scope in Array.prototype.map().

In njs_array_iterator(), args.value is replaced with a value on the stack
for non-object strings.

diffstat:

src/njs_array.c | 6 +++---
src/test/njs_unit_test.c | 3 +++
2 files changed, 6 insertions(+), 3 deletions(-)

diffs (32 lines):

diff -r d0d4fa8918ac -r 1293f464dcc7 src/njs_array.c
--- a/src/njs_array.c Tue Sep 17 09:20:24 2019 +0300
+++ b/src/njs_array.c Tue Sep 17 11:29:10 2019 +0300
@@ -1917,12 +1917,12 @@ njs_array_prototype_map(njs_vm_t *vm, nj
return ret;
}

- if (njs_is_array(iargs.value)
- && njs_object_hash_is_empty(iargs.value))
+ if (njs_is_array(&args[0])
+ && njs_object_hash_is_empty(&args[0]))
{
array = iargs.array;

- for (i = njs_array_len(iargs.value); i < length; i++) {
+ for (i = njs_array_len(&args[0]); i < length; i++) {
njs_set_invalid(&array->start[i]);
}
}
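Review bot: the changed `if` in njs_array_prototype_map() carries no comment explaining why it reads `&args[0]` rather than `iargs.value`, so a later cleanup could switch it back and reintroduce the stale read. A one-line comment above the condition would help, stating that njs_array_iterator() may leave `iargs.value` pointing at a value on its own stack for non-object strings (as the commit description says). Since `array = iargs.array;` still reads from the same struct after the iterator returns, it is also worth confirming that no other field of `iargs` is redirected to stack storage inside the iterator. A more robust follow-up would be for the iterator not to store the address of a local into the caller's struct at all.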
diff -r d0d4fa8918ac -r 1293f464dcc7 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Tue Sep 17 09:20:24 2019 +0300
+++ b/src/test/njs_unit_test.c Tue Sep 17 11:29:10 2019 +0300
@@ -4506,6 +4506,9 @@ static njs_unit_test_t njs_test[] =
".every(x => x === true)"),
njs_str("true") },

+ { njs_str("Array.prototype.map.call('abcdef', (val, idx, obj) => {return val === 100})"),
+ njs_str("false,false,false,false,false,false") },
+
{ njs_str("var a = [];"
"a.reduce(function(p, v, i, a) { return p + v })"),
njs_str("TypeError: invalid index") },
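Review bot: the new case's expected output, `false,false,false,false,false,false`, does not depend on anything the fixed code computes, because `val === 100` is false for every character of 'abcdef' and the `idx` and `obj` parameters are unused. The test therefore appears to catch a regression only when the unit tests run under a sanitizer that reports stack-use-after-scope. Consider adding a short comment naming that dependency, and a second case whose callback returns `val` or `idx`, so the mapped result over a string `this` is checked in ordinary builds too.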
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel