add JS_TERMINATION_ERROR and exceed limit Size jscrash

Signed-off-by: wangzhaoyong <wangzhaoyong@huawei.com> Change-Id: I0e2ae900f941ed05e426e5831a71782d9f01915a
2024-10-07 08:03:29 +00:00 · 2023-12-21 21:24:27 +08:00 · 2023-12-21 21:24:27 +08:00 · 64a34798a5
commit 64a34798a5
parent 8d2c962e9c
5 changed files with 26 additions and 19 deletions
--- a/ecmascript/js_serializer.cpp
+++ b/ecmascript/js_serializer.cpp
@ -1100,13 +1100,6 @@ JSDeserializer::~JSDeserializer()
 JSHandle<JSTaggedValue> JSDeserializer::Deserialize()
 {
    ECMA_BYTRACE_NAME(HITRACE_TAG_ARK, "Deserialize dataSize: " + std::to_string(end_ - begin_));
-    size_t maxSerializerSize = thread_->GetEcmaVM()->GetEcmaParamConfiguration().GetMaxJSSerializerSize();
-    size_t dataSize = end_ - begin_;
-    if (dataSize > maxSerializerSize) {
-        LOG_ECMA(ERROR) << "The Serialization data size has exceed limit Size, current size is: " << dataSize <<
-            " max size is: " << maxSerializerSize;
-        return JSHandle<JSTaggedValue>();
-    }
    JSHandle<JSTaggedValue> res = DeserializeJSTaggedValue();
    return res;
 }
@ -2008,10 +2001,16 @@ bool Serializer::WriteValue(
        return false;
    }
    if (!valueSerializer_.SerializeJSTaggedValue(value)) {
+        valueSerializer_.ReleaseBuffer();
+        return false;
+    }
+    size_t maxSerializerSize = thread->GetEcmaVM()->GetEcmaParamConfiguration().GetMaxJSSerializerSize();
+    if (data_->GetSize() > maxSerializerSize) {
+        LOG_ECMA(ERROR) << "The Serialization data size has exceed limit Size, current size is: " << data_->GetSize()
+            << " max size is: " << maxSerializerSize;
+        valueSerializer_.ReleaseBuffer();
        return false;
    }
-    // clear transfer obj set after serialization
-    valueSerializer_.ClearTransferSet();
    std::pair<uint8_t*, size_t> pair = valueSerializer_.ReleaseBuffer();
    data_->value_.reset(pair.first);
    data_->dataSize_ = pair.second;
--- a/ecmascript/js_serializer.h
+++ b/ecmascript/js_serializer.h
@ -108,7 +108,12 @@ enum class SerializationUID : uint8_t {
 class JSSerializer {
 public:
    explicit JSSerializer(JSThread *thread) : thread_(thread) {}
-    ~JSSerializer() = default;
+    ~JSSerializer()
+    {
+        // clear transfer obj set after serialization
+        transferDataSet_.clear();
+    }
+
    bool SerializeJSTaggedValue(const JSHandle<JSTaggedValue> &value);
    void InitTransferSet(CUnorderedSet<uintptr_t> transferDataSet);
    void ClearTransferSet();
--- a/ecmascript/serializer/base_deserializer.cpp
+++ b/ecmascript/serializer/base_deserializer.cpp
@ -33,12 +33,6 @@ namespace panda::ecmascript {
 JSHandle<JSTaggedValue> BaseDeserializer::ReadValue()
 {
    ECMA_BYTRACE_NAME(HITRACE_TAG_ARK, "Deserialize dataSize: " + std::to_string(data_->Size()));
-    size_t maxSerializerSize = thread_->GetEcmaVM()->GetEcmaParamConfiguration().GetMaxJSSerializerSize();
-    if (data_->Size() > maxSerializerSize) {
-        LOG_ECMA(ERROR) << "The serialization data size has exceed limit Size, current size is: " << data_->Size()
-                        << " max size is: " << maxSerializerSize;
-        return JSHandle<JSTaggedValue>();
-    }
    AllocateToDifferentSpaces();
    JSHandle<JSTaggedValue> res = DeserializeJSTaggedValue();
    return res;
--- a/ecmascript/serializer/value_serializer.cpp
+++ b/ecmascript/serializer/value_serializer.cpp
@ -37,6 +37,7 @@ bool ValueSerializer::CheckObjectCanSerialize(TaggedObject *object)
        case JSType::JS_URI_ERROR:
        case JSType::JS_SYNTAX_ERROR:
        case JSType::JS_OOM_ERROR:
+        case JSType::JS_TERMINATION_ERROR:
        case JSType::JS_DATE:
        case JSType::JS_ARRAY:
        case JSType::JS_MAP:
@ -94,8 +95,6 @@ bool ValueSerializer::WriteValue(JSThread *thread, const JSHandle<JSTaggedValue>
        vm_->GetSnapshotEnv()->Initialize();
    }
    SerializeJSTaggedValue(value.GetTaggedValue());
-    // clear transfer obj set after serialization
-    transferDataSet_.clear();
    if (value->IsHeapObject()) {
        vm_->GetSnapshotEnv()->ClearEnvMap();
    }
@ -104,6 +103,12 @@ bool ValueSerializer::WriteValue(JSThread *thread, const JSHandle<JSTaggedValue>
        data_->SetIncompleteData(true);
        return false;
    }
+    size_t maxSerializerSize = vm_->GetEcmaParamConfiguration().GetMaxJSSerializerSize();
+    if (data_->Size() > maxSerializerSize) {
+        LOG_ECMA(ERROR) << "The serialization data size has exceed limit Size, current size is: " << data_->Size()
+                        << " max size is: " << maxSerializerSize;
+        return false;
+    }
    return true;
 }

--- a/ecmascript/serializer/value_serializer.h
+++ b/ecmascript/serializer/value_serializer.h
@ -23,7 +23,11 @@ namespace panda::ecmascript {
 class ValueSerializer : public BaseSerializer {
 public:
    explicit ValueSerializer(JSThread *thread) : BaseSerializer(thread) {}
-    ~ValueSerializer() override = default;
+    ~ValueSerializer()
+    {
+        // clear transfer obj set after serialization
+        transferDataSet_.clear();
+    }
    NO_COPY_SEMANTIC(ValueSerializer);
    NO_MOVE_SEMANTIC(ValueSerializer);