details: https://hg.nginx.org/njs/rev/6feba0e602ee
branches:
changeset: 1707:6feba0e602ee
user: Dmitry Volyntsev <xeioex@nginx.com>
date: Fri Sep 17 18:29:40 2021 +0000
description:
Fixed njs_buffer_slot().

Previously, njs_buffer_slot() might return NULL value without setting
corresponding exception where user code expects it.

In addition the function is split into two functions. The internal one
does not set anything to vm->retval. This function has to be used by
property handlers, because they are expected not to modify vm->retval.

diffstat:

src/njs_buffer.c | 42 ++++++++++++++++++++++++------------------
src/test/njs_unit_test.c | 6 ++++++
2 files changed, 30 insertions(+), 18 deletions(-)

diffs (82 lines):

diff -r d1a43dc93e9d -r 6feba0e602ee src/njs_buffer.c
--- a/src/njs_buffer.c Fri Sep 17 18:29:40 2021 +0000
+++ b/src/njs_buffer.c Fri Sep 17 18:29:40 2021 +0000
@@ -572,30 +572,36 @@ njs_buffer_byte_length(njs_vm_t *vm, njs


static njs_typed_array_t *
+njs_buffer_slot_internal(njs_vm_t *vm, njs_value_t *value)
+{
+ njs_typed_array_t *array;
+
+ if (njs_is_object(value)) {
+ array = njs_object_proto_lookup(njs_object(value), NJS_TYPED_ARRAY,
+ njs_typed_array_t);
+
+ if (array != NULL && array->type == NJS_OBJ_TYPE_UINT8_ARRAY) {
+ return array;
+ }
+ }
+
+ return NULL;
+}
+
+
+static njs_typed_array_t *
njs_buffer_slot(njs_vm_t *vm, njs_value_t *value, const char *name)
{
njs_typed_array_t *array;

- if (njs_slow_path(!njs_is_object(value))) {
- goto failed;
- }
-
- array = njs_object_proto_lookup(njs_object(value), NJS_TYPED_ARRAY,
- njs_typed_array_t);
-
- if (njs_slow_path(array != NULL
- && array->type != NJS_OBJ_TYPE_UINT8_ARRAY))
- {
- goto failed;
+ array = njs_buffer_slot_internal(vm, value);
+ if (njs_slow_path(array == NULL)) {
+ njs_type_error(vm, "\"%s\" argument must be an instance "
+ "of Buffer or Uint8Array", name);
+ return NULL;
}

return array;
-
-failed:
-
- njs_type_error(vm, "\"%s\" argument must be an instance "
- "of Buffer or Uint8Array", name);
- return NULL;
}


@@ -902,7 +908,7 @@ njs_buffer_prototype_length(njs_vm_t *vm
{
njs_typed_array_t *array;

- array = njs_buffer_slot(vm, value, "this");
+ array = njs_buffer_slot_internal(vm, value);
if (njs_slow_path(array == NULL)) {
njs_set_undefined(retval);
return NJS_DECLINED;
diff -r d1a43dc93e9d -r 6feba0e602ee src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Fri Sep 17 18:29:40 2021 +0000
+++ b/src/test/njs_unit_test.c Fri Sep 17 18:29:40 2021 +0000
@@ -19538,6 +19538,12 @@ static njs_unit_test_t njs_test[] =
"})"),
njs_str("true") },

+ { njs_str("Buffer.from([1,2]).equals(new ArrayBuffer(1))"),
+ njs_str("TypeError: \"target\" argument must be an instance of Buffer or Uint8Array") },
+
+ { njs_str("Buffer.from([1,2]).equals(1)"),
+ njs_str("TypeError: \"target\" argument must be an instance of Buffer or Uint8Array") },
+
{ njs_str("var buf = Buffer.alloc(4);"
"buf.fill('ZXZpbA==', 'base64')"),
njs_str("evil") },
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel