Home Explore Help
Sign In
hugh
/
v8js
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

v8js_v8object_class: add size check + precission down cast

Stefan Siegl 8 years ago
parent
ab8613f41b
commit
4a8c49bfed
1 changed files with 41 additions and 7 deletions
Unified View Show Diff Stats
  1. 41 7
      v8js_v8object_class.cc

+ 41 - 7
v8js_v8object_class.cc
View File 

@@ -2,7 +2,7 @@
 
   +----------------------------------------------------------------------+
 
   +----------------------------------------------------------------------+
 
   | PHP Version 5                                                        |
 
   | PHP Version 5                                                        |
 
   +----------------------------------------------------------------------+
 
   +----------------------------------------------------------------------+
 
-  | Copyright (c) 1997-2016 The PHP Group                                |
 
+  | Copyright (c) 1997-2017 The PHP Group                                |
 
   +----------------------------------------------------------------------+
 
   +----------------------------------------------------------------------+
 
   | http://www.opensource.org/licenses/mit-license.php  MIT License      |
 
   | http://www.opensource.org/licenses/mit-license.php  MIT License      |
 
   +----------------------------------------------------------------------+
 
   +----------------------------------------------------------------------+
 
@@ -67,9 +67,14 @@ static int v8js_v8object_has_property(zval *object, zval *member, int has_set_ex
 
 
 
 	if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
 
 	if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
 
 	{
 
 	{
 
+		if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
 
+			zend_throw_exception(php_ce_v8js_exception,
 
+				"Member name length exceeds maximum supported length", 0);
 
+			return retval;
 
+		}
 
 
 
 		v8::Local<v8::Object> jsObj = v8obj->ToObject();
 
 		v8::Local<v8::Object> jsObj = v8obj->ToObject();
 
-		v8::Local<v8::String> jsKey = V8JS_ZSTR(Z_STR_P(member));
 
+		v8::Local<v8::String> jsKey = V8JS_STRL(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member)));
 
 		v8::Local<v8::Value> jsVal;
 
 		v8::Local<v8::Value> jsVal;
 
 
 
 		/* Skip any prototype properties */
 
 		/* Skip any prototype properties */
 
@@ -126,9 +131,14 @@ static zval *v8js_v8object_read_property(zval *object, zval *member, int type, v
 
 
 
 	if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
 
 	if (Z_TYPE_P(member) == IS_STRING && v8obj->IsObject())
 
 	{
 
 	{
 
+		if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
 
+			zend_throw_exception(php_ce_v8js_exception,
 
+				"Member name length exceeds maximum supported length", 0);
 
+			return retval;
 
+		}
 
 
 
 		v8::Local<v8::Object> jsObj = v8obj->ToObject();
 
 		v8::Local<v8::Object> jsObj = v8obj->ToObject();
 
-		v8::Local<v8::String> jsKey = V8JS_ZSTR(Z_STR_P(member));
 
+		v8::Local<v8::String> jsKey = V8JS_STRL(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member)));
 
 		v8::Local<v8::Value> jsVal;
 
 		v8::Local<v8::Value> jsVal;
 
 
 
 		/* Skip any prototype properties */
 
 		/* Skip any prototype properties */
 
@@ -158,8 +168,14 @@ static void v8js_v8object_write_property(zval *object, zval *member, zval *value
 
 	V8JS_CTX_PROLOGUE(obj->ctx);
 
 	V8JS_CTX_PROLOGUE(obj->ctx);
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 
 
+	if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
 
+		zend_throw_exception(php_ce_v8js_exception,
 
+			"Member name length exceeds maximum supported length", 0);
 
+		return;
 
+	}
 
+
 
 	if (v8obj->IsObject()) {
 
 	if (v8obj->IsObject()) {
 
-		v8obj->ToObject()->ForceSet(V8JS_SYML(Z_STRVAL_P(member), Z_STRLEN_P(member)), zval_to_v8js(value, isolate TSRMLS_CC));
 
+		v8obj->ToObject()->ForceSet(V8JS_SYML(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member))), zval_to_v8js(value, isolate));
 
 	}
 
 	}
 
 }
 
 }
 
 /* }}} */
 
 /* }}} */
 
@@ -177,8 +193,14 @@ static void v8js_v8object_unset_property(zval *object, zval *member, void **cach
 
 	V8JS_CTX_PROLOGUE(obj->ctx);
 
 	V8JS_CTX_PROLOGUE(obj->ctx);
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 
 
+	if (Z_STRLEN_P(member) > std::numeric_limits<int>::max()) {
 
+		zend_throw_exception(php_ce_v8js_exception,
 
+			"Member name length exceeds maximum supported length", 0);
 
+		return;
 
+	}
 
+
 
 	if (v8obj->IsObject()) {
 
 	if (v8obj->IsObject()) {
 
-		v8obj->ToObject()->Delete(V8JS_SYML(Z_STRVAL_P(member), Z_STRLEN_P(member)));
 
+		v8obj->ToObject()->Delete(V8JS_SYML(Z_STRVAL_P(member), static_cast<int>(Z_STRLEN_P(member))));
 
 	}
 
 	}
 
 }
 
 }
 
 /* }}} */
 
 /* }}} */
 
@@ -241,8 +263,14 @@ static zend_function *v8js_v8object_get_method(zend_object **object_ptr, zend_st
 
 		return NULL;
 
 		return NULL;
 
 	}
 
 	}
 
 
 
+	if (ZSTR_LEN(method) > std::numeric_limits<int>::max()) {
 
+		zend_throw_exception(php_ce_v8js_exception,
 
+			"Method name length exceeds maximum supported length", 0);
 
+		return NULL;
 
+	}
 
+
 
 	V8JS_CTX_PROLOGUE_EX(obj->ctx, NULL);
 
 	V8JS_CTX_PROLOGUE_EX(obj->ctx, NULL);
 
-	v8::Local<v8::String> jsKey = V8JS_ZSTR(method);
 
+	v8::Local<v8::String> jsKey = V8JS_STRL(ZSTR_VAL(method), static_cast<int>(ZSTR_LEN(method)));
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 	v8::Local<v8::Value> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj);
 
 
 
 	if (!obj->v8obj.IsEmpty() && v8obj->IsObject() && !v8obj->IsFunction()) {
 
 	if (!obj->v8obj.IsEmpty() && v8obj->IsObject() && !v8obj->IsFunction()) {
 
@@ -277,6 +305,12 @@ static int v8js_v8object_call_method(zend_string *method, zend_object *object, I
 
 		return FAILURE;
 
 		return FAILURE;
 
 	}
 
 	}
 
 
 
+	if (ZSTR_LEN(method) > std::numeric_limits<int>::max()) {
 
+		zend_throw_exception(php_ce_v8js_exception,
 
+			"Method name length exceeds maximum supported length", 0);
 
+		return FAILURE;
 
+	}
 
+
 
 	if (argc > 0) {
 
 	if (argc > 0) {
 
 		argv = (zval*)safe_emalloc(sizeof(zval), argc, 0);
 
 		argv = (zval*)safe_emalloc(sizeof(zval), argc, 0);
 
 		zend_get_parameters_array_ex(argc, argv);
 
 		zend_get_parameters_array_ex(argc, argv);
 
@@ -288,7 +322,7 @@ static int v8js_v8object_call_method(zend_string *method, zend_object *object, I
 
 		std::function< v8::Local<v8::Value>(v8::Isolate *) > v8_call = [obj, method, argc, argv, object, &return_value TSRMLS_CC](v8::Isolate *isolate) {
 
 		std::function< v8::Local<v8::Value>(v8::Isolate *) > v8_call = [obj, method, argc, argv, object, &return_value TSRMLS_CC](v8::Isolate *isolate) {
 
 			int i = 0;
 
 			int i = 0;
 
 
 
-			v8::Local<v8::String> method_name = V8JS_ZSYM(method);
 
+			v8::Local<v8::String> method_name = V8JS_SYML(ZSTR_VAL(method), static_cast<int>(ZSTR_LEN(method)));
 
 			v8::Local<v8::Object> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj)->ToObject();
 
 			v8::Local<v8::Object> v8obj = v8::Local<v8::Value>::New(isolate, obj->v8obj)->ToObject();
 
 			v8::Local<v8::Object> thisObj;
 
 			v8::Local<v8::Object> thisObj;
 
 			v8::Local<v8::Function> cb;
 
 			v8::Local<v8::Function> cb;