
v8js_v8object_class: add size check + precission down cast

This commit is contained in:
Stefan Siegl 2017-03-11 00:09:51 +01:00
parent ab8613f41b
commit 4a8c49bfed


@ -2,7 +2,7 @@
+----------------------------------------------------------------------+ +----------------------------------------------------------------------+
| PHP Version 5 | | PHP Version 5 |
+----------------------------------------------------------------------+ +----------------------------------------------------------------------+
| Copyright (c) 1997-2016 The PHP Group | | Copyright (c) 1997-2017 The PHP Group |
+----------------------------------------------------------------------+ +----------------------------------------------------------------------+
| http://www.opensource.org/licenses/mit-license.php MIT License | | http://www.opensource.org/licenses/mit-license.php MIT License |
+----------------------------------------------------------------------+ +----------------------------------------------------------------------+
@ -67,9 +67,14 @@ static int v8js_v8object_has_property(zval *object, zval *member, int has_set_ex
if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject()) if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
{ {
if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Member name length exceeds maximum supported length", 0);
return retval;
}
v8::Local<v8::Object> jsObj = v8obj->ToObject(); v8::Local<v8::Object> jsObj = v8obj->ToObject();
v8::Local<v8::String> jsKey = V8JS_ZSTR(Z_STR_P(member)); v8::Local<v8::String> jsKey = V8JS_STRL(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member)));
v8::Local<v8::Value> jsVal; v8::Local<v8::Value> jsVal;
/* Skip any prototype properties */ /* Skip any prototype properties */
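Review bot: The five-line length guard added at the top of this hunk is repeated verbatim in the read_property, write_property, unset_property, get_method and call_method hunks, differing only in the message text and the value returned, so the limit and its wording live in six places. A small file-local helper that throws and reports whether the length fits would let each call site shrink to `if (!v8js_name_len_ok(Z_STRLEN_P(member), "Member name length exceeds maximum supported length")) return retval;` while keeping each function's own return value. The guard also deserves a one-line why-comment, since the reason for the `int` limit is only visible through the `static_cast<int>` on the next line — presumably the V8JS_STRL/V8JS_SYML macros forward the length to an `int` parameter; something like `/* the V8 string constructors take an int length; reject names that would not round-trip through the cast */`. If `<limits>` is not already included at the top of the file (not visible in this diff), it should be added for `std::numeric_limits`. The enclosing function body continues outside the hunk.
```cpp
/* Throws a V8JsException and returns false when a PHP string length
 * cannot be represented as the int length V8's string constructors take. */
static bool v8js_name_len_ok(size_t len, const char *message)
{
	if (len > static_cast<size_t>(std::numeric_limits<int>::max())) {
		zend_throw_exception(php_ce_v8js_exception, message, 0);
		return false;
	}
	return true;
}
// … unchanged: call sites keep their own return value on failure …
```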
@ -126,9 +131,14 @@ static zval *v8js_v8object_read_property(zval *object, zval *member, int type, v
if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject()) if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
{ {
if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Member name length exceeds maximum supported length", 0);
return retval;
}
v8::Local<v8::Object> jsObj = v8obj->ToObject(); v8::Local<v8::Object> jsObj = v8obj->ToObject();
v8::Local<v8::String> jsKey = V8JS_ZSTR(Z_STR_P(member)); v8::Local<v8::String> jsKey = V8JS_STRL(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member)));
v8::Local<v8::Value> jsVal; v8::Local<v8::Value> jsVal;
/* Skip any prototype properties */ /* Skip any prototype properties */
@ -158,8 +168,14 @@ static void v8js_v8object_write_property(zval *object, zval *member, zval *value
V8JS_CTX_PROLOGUE(obj->ctx); V8JS_CTX_PROLOGUE(obj->ctx);
v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj); v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Member name length exceeds maximum supported length", 0);
return;
}
if (v8obj->IsObject()) { if (v8obj->IsObject()) {
v8obj->ToObject()->ForceSet(V8JS_SYML(Z_STRVAL_P(member), Z_STRLEN_P(member)), zval_to_v8js(value, isolate TSRMLS_CC)); v8obj->ToObject()->ForceSet(V8JS_SYML(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member))), zval_to_v8js(value, isolate));
} }
} }
/* }}} */ /* }}} */
@ -177,8 +193,14 @@ static void v8js_v8object_unset_property(zval *object, zval *member, void **cach
V8JS_CTX_PROLOGUE(obj->ctx); V8JS_CTX_PROLOGUE(obj->ctx);
v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj); v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Member name length exceeds maximum supported length", 0);
return;
}
if (v8obj->IsObject()) { if (v8obj->IsObject()) {
v8obj->ToObject()->Delete(V8JS_SYML(Z_STRVAL_P(member), Z_STRLEN_P(member))); v8obj->ToObject()->Delete(V8JS_SYML(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member))));
} }
} }
/* }}} */ /* }}} */
@ -241,8 +263,14 @@ static zend_function *v8js_v8object_get_method(zend_object **object_ptr, zend_st
return NULL; return NULL;
} }
if (ZSTR_LEN(method) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Method name length exceeds maximum supported length", 0);
return NULL;
}
V8JS_CTX_PROLOGUE_EX(obj->ctx, NULL); V8JS_CTX_PROLOGUE_EX(obj->ctx, NULL);
v8::Local<v8::String> jsKey = V8JS_ZSTR(method); v8::Local<v8::String> jsKey = V8JS_STRL(ZSTR_VAL(method), static_cast<int>(ZSTR_LEN(method)));
v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj); v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
if (!obj->v8obj.IsEmpty() && v8obj->IsObject() && !v8obj->IsFunction()) { if (!obj->v8obj.IsEmpty() && v8obj->IsObject() && !v8obj->IsFunction()) {
@ -277,6 +305,12 @@ static int v8js_v8object_call_method(zend_string *method, zend_object *object, I
return FAILURE; return FAILURE;
} }
if (ZSTR_LEN(method) > std::numeric_limits<int>::max()) {
zend_throw_exception(php_ce_v8js_exception,
"Method name length exceeds maximum supported length", 0);
return FAILURE;
}
if (argc > 0) { if (argc > 0) {
argv = (zval*)safe_emalloc(sizeof(zval), argc, 0); argv = (zval*)safe_emalloc(sizeof(zval), argc, 0);
zend_get_parameters_array_ex(argc, argv); zend_get_parameters_array_ex(argc, argv);
@ -288,7 +322,7 @@ static int v8js_v8object_call_method(zend_string *method, zend_object *object, I
std::function< v8::Local<v8::Value>(v8::Isolate *) > v8_call = [obj, method, argc, argv, object, &return_value TSRMLS_CC](v8::Isolate *isolate) { std::function< v8::Local<v8::Value>(v8::Isolate *) > v8_call = [obj, method, argc, argv, object, &return_value TSRMLS_CC](v8::Isolate *isolate) {
int i = 0; int i = 0;
v8::Local<v8::String> method_name = V8JS_ZSYM(method); v8::Local<v8::String> method_name = V8JS_SYML(ZSTR_VAL(method), static_cast<int>(ZSTR_LEN(method)));
v8::Local<v8::Object> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj)->ToObject(); v8::Local<v8::Object> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj)->ToObject();
v8::Local<v8::Object> thisObj; v8::Local<v8::Object> thisObj;
v8::Local<v8::Function> cb; v8::Local<v8::Function> cb;