Fixed the security issue

Issue:https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/IAIZI1 Signed-off-by: 王笑佳 <wangxiaojia5@huawei.com>
2024-11-23 10:09:54 +00:00 · 2024-10-10 20:14:49 +08:00 · 2024-10-10 20:14:49 +08:00 · 1748d32770
commit 1748d32770
parent 00e623a192
9 changed files with 73 additions and 1 deletions
--- a/ecmascript/js_api/js_api_linked_list.cpp
+++ b/ecmascript/js_api/js_api_linked_list.cpp
@ -246,6 +246,10 @@ bool JSAPILinkedList::GetOwnProperty(JSThread *thread, const JSHandle<JSAPILinke
    }
    JSHandle<TaggedDoubleList> doubleList(thread, list->GetDoubleList());
    uint32_t length = static_cast<uint32_t>(doubleList->Length());
+    if (length == 0) {
+        JSTaggedValue error = ContainerError::BusinessError(thread, ErrorFlag::RANGE_ERROR, "Container is empty");
+        THROW_NEW_ERROR_AND_RETURN_VALUE(thread, error, false);
+    }
    if (index >= length) {
        ASSERT(length > 0);
        std::ostringstream oss;
--- a/ecmascript/js_api/js_api_plain_array.cpp
+++ b/ecmascript/js_api/js_api_plain_array.cpp
@ -198,6 +198,10 @@ bool JSAPIPlainArray::GetOwnProperty(JSThread *thread, const JSHandle<JSAPIPlain
 {
    TaggedArray *keyArray = TaggedArray::Cast(obj->GetKeys().GetTaggedObject());
    uint32_t size = obj->GetLength();
+    if (size == 0) {
+        JSTaggedValue error = ContainerError::BusinessError(thread, ErrorFlag::RANGE_ERROR, "Container is empty");
+        THROW_NEW_ERROR_AND_RETURN_VALUE(thread, error, false);
+    }
    int32_t index = obj->BinarySearch(keyArray, 0, size, key.GetTaggedValue().GetInt());
    if (index < 0 || index >= static_cast<int32_t>(size)) {
        ASSERT(size > 0);
--- a/ecmascript/js_api/js_api_queue.cpp
+++ b/ecmascript/js_api/js_api_queue.cpp
@ -206,6 +206,10 @@ bool JSAPIQueue::GetOwnProperty(JSThread *thread, const JSHandle<JSAPIQueue> &ob
    }

    uint32_t length = obj->GetLength().GetArrayLength();
+    if (length == 0) {
+        JSTaggedValue error = ContainerError::BusinessError(thread, ErrorFlag::RANGE_ERROR, "Container is empty");
+        THROW_NEW_ERROR_AND_RETURN_VALUE(thread, error, false);
+    }
    if (index >= length) {
        ASSERT(length > 0);
        std::ostringstream oss;
--- a/ecmascript/js_api/js_api_stack.cpp
+++ b/ecmascript/js_api/js_api_stack.cpp
@ -154,6 +154,10 @@ bool JSAPIStack::GetOwnProperty(JSThread *thread, const JSHandle<JSAPIStack> &ob
    }

    uint32_t length = static_cast<uint32_t>(obj->GetTop() + 1);
+    if (length == 0) {
+        JSTaggedValue error = ContainerError::BusinessError(thread, ErrorFlag::RANGE_ERROR, "Container is empty");
+        THROW_NEW_ERROR_AND_RETURN_VALUE(thread, error, false);
+    }
    if (index >= length) {
        std::ostringstream oss;
        ASSERT(length > 0);
--- a/test/moduletest/container/container_linked_list.js
+++ b/test/moduletest/container/container_linked_list.js
@ -370,7 +370,19 @@ if (globalThis["ArkPrivate"] != undefined) {
    } else {
        print("Test LinkedList fail: " + flag);
    }
-
+    const v6 = new LinkedList()
+    function f2(a3) {
+        return a3
+    }
+    const o5 = {
+        "get" : f2,
+    }
+    const v7 = new Proxy(v6, o5)
+    try {
+        v7[1073741823]
+    } catch (error) {
+        print(error)
+    }
    let mList = new LinkedList();
    for (let i = 1; i <= 10; ++i) {
        mList.add(i);
--- a/test/moduletest/container/container_plainarray.js
+++ b/test/moduletest/container/container_plainarray.js
@ -192,5 +192,18 @@ if (globalThis["ArkPrivate"] != undefined) {
    } else {
        print("Test PlainArray fail: " + res);
    }
+    const v6 = new PlainArray()
+    function f2(a3) {
+        return a3
+    }
+    const o5 = {
+        "get" : f2,
+    }
+    const v7 = new Proxy(v6, o5)
+    try {
+        v7[1073741823]
+    } catch (error) {
+        print(error)
+    }
 }
 export let plainarrayRes = "Test PlainArray done";
--- a/test/moduletest/container/container_queue.js
+++ b/test/moduletest/container/container_queue.js
@ -149,5 +149,18 @@ if (globalThis["ArkPrivate"] != undefined) {
    } catch(error) {
        print(error);
    }
+    const v6 = new Queue()
+    function f2(a3) {
+        return a3
+    }
+    const o5 = {
+        "get" : f2,
+    }
+    const v7 = new Proxy(v6, o5)
+    try {
+        v7[1073741823]
+    } catch (error) {
+        print(error)
+    }
 }
 export let queueRes = "Test Queue done";
--- a/test/moduletest/container/container_stack.js
+++ b/test/moduletest/container/container_stack.js
@ -143,5 +143,19 @@ if (globalThis["ArkPrivate"] != undefined) {
    } catch (error) {
        print(error)
    }
+
+    const v6 = new Stack()
+    function f2(a3) {
+        return a3
+    }
+    const o5 = {
+        "get" : f2,
+    }
+    const v7 = new Proxy(v6, o5)
+    try {
+        v7[1073741823]
+    } catch (error) {
+        print(error)
+    }
 }
 export let stackRes = "Test Stack done";
--- a/test/moduletest/container/expect_output.txt
+++ b/test/moduletest/container/expect_output.txt
@ -24,15 +24,19 @@ Test HashSet success!!!
 Test LightWeightMap success!!!
 Test LightWeightSet success!!!
 Test LinkedList success!!!
+BusinessError: Container is empty
 0
 Test List success!!!
 Test PlainArray success!!!
+BusinessError: Container is empty
 0
 Test Queue success!!!
 6
 BusinessError: Container is empty
+BusinessError: Container is empty
 Test Stack success!!!
 BusinessError: Container is empty
+BusinessError: Container is empty
 Test TreeMap success!!!
 Test TreeMap set After Clear Success
 Test TreeSet success!!!