author | Fabrice Bellard <fabrice@bellard.org> | 2024-01-08 18:39:26 +0100 |
committer | bptato <nincsnevem662@gmail.com> | 2024-01-11 18:49:05 +0100 |
commit | 36b9761af06156099dec63ec6914e3cc109253f4 (patch) | |
tree | e5230d90f285b556fec0bf25f7893e3c1743b3a0 /lib/quickjs/quickjs.c | |
parent | 6f673b603303c437feb7d13e32e468eb1b53ea85 (diff) | |
download | chawan-36b9761af06156099dec63ec6914e3cc109253f4.tar.gz |
avoid potentially undefined behavior and make valgrind happy (bnoordhuis) (github issue #153)
Diffstat (limited to 'lib/quickjs/quickjs.c')
-rw-r--r-- | lib/quickjs/quickjs.c | 26 |
1 files changed, 12 insertions, 14 deletions
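diff --git a/lib/quickjs/quickjs.c b/lib/quickjs/quickjs.c
index eae09f6c..c370a46d 100644
--- a/lib/quickjs/quickjs.c
+++ b/lib/quickjs/quickjs.c
@@ -8006,47 +8006,45 @@ static JSValue JS_GetPropertyValue(JSContext *ctx, JSValueConst this_obj,
     if (likely(JS_VALUE_GET_TAG(this_obj) == JS_TAG_OBJECT &&
                JS_VALUE_GET_TAG(prop) == JS_TAG_INT)) {
         JSObject *p;
-        uint32_t idx, len;
+        uint32_t idx;
         /* fast path for array access */
         p = JS_VALUE_GET_OBJ(this_obj);
         idx = JS_VALUE_GET_INT(prop);
-        /* Note: this code works even if 'p->u.array.count' is not
-           initialized. There are two cases:
-           - 'p' is an array-like object. 'p->u.array.count' is
-             initialized so the slow_path is taken when the index is
-             out of bounds.
-           - 'p' is not an array-like object. 'p->u.array.count' has
-             any value and potentially not initialized. In all the cases
-             (idx >= len or idx < len) the slow path is taken as
-             expected.
-        */
-        len = (uint32_t)p->u.array.count;
-        if (unlikely(idx >= len))
-            goto slow_path;
         switch(p->class_id) {
         case JS_CLASS_ARRAY:
         case JS_CLASS_ARGUMENTS:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_DupValue(ctx, p->u.array.u.values[idx]);
         case JS_CLASS_INT8_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewInt32(ctx, p->u.array.u.int8_ptr[idx]);
         case JS_CLASS_UINT8C_ARRAY:
         case JS_CLASS_UINT8_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewInt32(ctx, p->u.array.u.uint8_ptr[idx]);
         case JS_CLASS_INT16_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewInt32(ctx, p->u.array.u.int16_ptr[idx]);
         case JS_CLASS_UINT16_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewInt32(ctx, p->u.array.u.uint16_ptr[idx]);
         case JS_CLASS_INT32_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewInt32(ctx, p->u.array.u.int32_ptr[idx]);
         case JS_CLASS_UINT32_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewUint32(ctx, p->u.array.u.uint32_ptr[idx]);
         case JS_CLASS_BIG_INT64_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewBigInt64(ctx, p->u.array.u.int64_ptr[idx]);
         case JS_CLASS_BIG_UINT64_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return JS_NewBigUint64(ctx, p->u.array.u.uint64_ptr[idx]);
         case JS_CLASS_FLOAT32_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return __JS_NewFloat64(ctx, p->u.array.u.float_ptr[idx]);
         case JS_CLASS_FLOAT64_ARRAY:
+            if (unlikely(idx >= p->u.array.count)) goto slow_path;
             return __JS_NewFloat64(ctx, p->u.array.u.double_ptr[idx]);
         default:
             goto slow_path;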
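Review bot: The removed comment explained why reading `p->u.array.count` before the class_id dispatch was considered safe, but nothing in the new code says why the bounds check now has to sit inside each array-like case, so a later reader could hoist it back above the switch and reintroduce the read of a possibly uninitialized union member that this commit removes. I would put a one-line comment at the `switch(p->class_id)` line, `/* u.array.count is only meaningful for the array classes below; read it only after the class_id dispatch */`. The identical guard is now repeated in ten cases and is the only thing between an int-tagged property and an out-of-bounds read of the backing store, so any class added to this switch later must remember it; a `static inline` helper or a local macro such as `#define CHECK_ARRAY_IDX() if (unlikely(idx >= p->u.array.count)) goto slow_path` would keep the guard in one place. The enclosing function starts before the hunk and the `slow_path` label it jumps to lies outside it.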