@pkit
Created January 21, 2021 12:49
v8 exploits patches
diff --git a/src/numbers/conversions.cc b/src/numbers/conversions.cc
index 27f0a6ac3b..0d6eec63a4 100644
--- a/src/numbers/conversions.cc
+++ b/src/numbers/conversions.cc
@@ -392,7 +392,7 @@ void StringToIntHelper<LocalIsolate>::DetectRadixInternal(Char current,
template <typename LocalIsolate>
template <class Char>
bool StringToIntHelper<LocalIsolate>::ParseChunkInternal(Char start) {
- const int kChunkSize = 10240;
+ const int kChunkSize = 128;
Char current = start + cursor_;
Char end = start + length_;
Char break_pos = current + kChunkSize;
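Review bot: `Char break_pos = current + kChunkSize;` is never clamped against `end`, so for any input shorter than a chunk `break_pos` is a position past the end of the string; the line is pre-existing, but this hunk is rewriting the chunk size and is the natural place to bound it, e.g. `Char break_pos = (end - current < kChunkSize) ? end : current + kChunkSize;`. The change from 10240 to 128 also lands without a rationale; a one-line comment stating why 128 was chosen (throughput versus how often the caller gets control back, presumably) would save the next reader from guessing. The body of ParseChunkInternal continues past the end of this hunk.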
@@ -436,6 +436,7 @@ bool StringToIntHelper<LocalIsolate>::ParseChunkInternal(Char start) {
const uint32_t kMaximumMultiplier = 0xFFFFFFFFU / 36;
uint32_t m = multiplier * static_cast<uint32_t>(radix_);
if (m > kMaximumMultiplier) break;
+ if (current >= break_pos) break;
part = part * radix_ + d;
multiplier = m;
DCHECK(multiplier > part);
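Review bot: The new `if (current >= break_pos) break;` is evaluated after the character at `current` has already been classified into `d` but before it is folded into `part`, so when it fires the inner loop exits without consuming that character and without advancing `current`. Whether the enclosing loop then returns to the caller or re-enters the digit loop at the same position is decided by code outside this hunk; if it re-enters, no progress is made on that iteration. If the intent is to stop at the chunk boundary, the test belongs after `current` is advanced, or it should record the position in `cursor_` and return, and a comment such as `// Chunk boundary reached; resume from cursor_ on the next call.` would make that intent explicit. ParseChunkInternal starts and ends outside this hunk.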
diff --git a/src/runtime/runtime-strings.cc b/src/runtime/runtime-strings.cc
index 992a9c19a2..339f640bdd 100644
--- a/src/runtime/runtime-strings.cc
+++ b/src/runtime/runtime-strings.cc
@@ -384,6 +384,9 @@ RUNTIME_FUNCTION(Runtime_StringToArray) {
s = String::Flatten(isolate, s);
const int length = static_cast<int>(Min<uint32_t>(s->length(), limit));
+ if (FixedArray::kMaxLength < length) {
+ THROW_NEW_ERROR_RETURN_FAILURE(isolate, NewRangeError(MessageTemplate::kInvalidArrayLength));
+ }
Handle<FixedArray> elements;
int position = 0;
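Review bot: The added `THROW_NEW_ERROR_RETURN_FAILURE(...)` line is well past V8's 80-column limit and would be reflowed by clang-format; wrap it as `THROW_NEW_ERROR_RETURN_FAILURE(` followed by `    isolate, NewRangeError(MessageTemplate::kInvalidArrayLength));`. The guard also carries no comment saying why a string's length can exceed `FixedArray::kMaxLength` at this point; something like `// A flat string may be longer than the largest FixedArray; reject with a RangeError before allocating.` would record the intent — presumably the allocation of `elements` that follows is what this protects, but that code is outside the hunk. Runtime_StringToArray's body continues beyond this hunk.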