!9844 Solve the security alarm of std::stoi

Merge pull request !9844 from hlm2001/kexin_1017
2024-11-23 18:20:04 +00:00 · 2024-10-19 19:30:13 +00:00 · 2024-10-19 19:30:13 +00:00 · 94f2edf0d0
commit 94f2edf0d0
parent 3f1c3eb130 e6e1598cb3
4 changed files with 60 additions and 2 deletions
--- a/ecmascript/base/number_helper.cpp
+++ b/ecmascript/base/number_helper.cpp
@ -1279,6 +1279,32 @@ int NumberHelper::GetMinmumDigits(double d, int *decimalPoint, char *buf)
    return digits;
 }

+bool NumberHelper::StringToInt64(const std::string& str, int64_t& value)
+{
+    if (str.empty()) {
+        return false;
+    }
+
+    char *end;
+    errno = 0;
+    value = std::strtoll(str.c_str(), &end, 0); // Automatic check of the number system
+
+    // If no number is converted
+    if (end == str.c_str()) {
+        return false;
+    }
+    // If there is a range error (too large or to small)
+    if (errno == ERANGE && (value == LLONG_MAX || value == LLONG_MIN)) {
+        return false;
+    }
+    // If the character string contains non-digit chaaracters
+    if (*end != '\0') {
+        return false;
+    }
+
+    return true;
+}
+
 uint64_t RandomGenerator::XorShift64(uint64_t *pVal)
 {
    uint64_t x = *pVal;
--- a/ecmascript/base/number_helper.h
+++ b/ecmascript/base/number_helper.h
@ -187,6 +187,7 @@ public:
    static void DoubleToASCIIWithFlag(std::string& buf, double valueNumber, int digits, int flags);
    static void ToASCIIWithNegative(std::string& tmpbuf, int digitNumber, int n, const std::string& buf);
    static void ToASCIIWithGreatThanZero(std::string& tmpbuf, int digitNumber, int number, const std::string& buf);
+    static bool StringToInt64(const std::string& str, int64_t& value);
 private:
    static char Carry(char current, int radix);
    static double Strtod(const char *str, int exponent, uint8_t radix);
--- a/ecmascript/js_runtime_options.h
+++ b/ecmascript/js_runtime_options.h
@ -25,6 +25,7 @@
 #include "ecmascript/compiler/bc_call_signature.h"
 #include "ecmascript/mem/mem_common.h"
 #include "libpandabase/os/file.h"
+#include "ecmascript/base/number_helper.h"

 namespace {
 constexpr size_t DEFAULT_OPT_LEVEL = 3;  // 3: default opt level
@ -713,8 +714,18 @@ public:
        if (pos != std::string::npos) {
            std::string strStart = strAsmOpcodeDisableRange.substr(0, pos);
            std::string strEnd = strAsmOpcodeDisableRange.substr(pos + 1);
-            int start = strStart.empty() ? 0 : std::stoi(strStart);
-            int end = strEnd.empty() ? kungfu::BYTECODE_STUB_END_ID : std::stoi(strEnd);
+            int64_t inputStart;
+            int64_t inputEnd;
+            if (!base::NumberHelper::StringToInt64(strStart, inputStart)) {
+                inputStart = 0;
+                LOG_ECMA_IF(!strStart.empty(), INFO) << "when get start, strStart is " << strStart;
+            }
+            if (!base::NumberHelper::StringToInt64(strEnd, inputEnd)) {
+                inputEnd = kungfu::BYTECODE_STUB_END_ID;
+                LOG_ECMA_IF(!strStart.empty(), INFO) << "when get end, strEnd is " << strEnd;
+            }
+            int start = static_cast<int>(inputStart);
+            int end = static_cast<int>(inputEnd);
            if (start >= 0 && start < kungfu::BytecodeStubCSigns::NUM_OF_ALL_NORMAL_STUBS && end >= 0 &&
                end < kungfu::BytecodeStubCSigns::NUM_OF_ALL_NORMAL_STUBS && start <= end) {
                asmInterParsedOption_.handleStart = start;
--- a/ecmascript/tests/ecma_vm_test.cpp
+++ b/ecmascript/tests/ecma_vm_test.cpp
@ -65,6 +65,26 @@ HWTEST_F_L0(EcmaVMTest, CreateEcmaVMInTwoWays)
        EXPECT_TRUE(options1Out.GetArkProperties() != options2Out.GetArkProperties());
        EXPECT_TRUE(options2Out.GetHeapSize() == 500_MB);

+        options2.SetAsmOpcodeDisableRange("1,10");
+        options2.ParseAsmInterOption();
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleStart == 1); // 1 targer start
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleEnd == 10); // 10 targer end
+
+        options2.SetAsmOpcodeDisableRange("0x1,0xa");
+        options2.ParseAsmInterOption();
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleStart == 1); // 1 targer start
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleEnd == 10); // 10 targer end
+
+        options2.SetAsmOpcodeDisableRange(",");
+        options2.ParseAsmInterOption();
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleStart == 0);
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleEnd == kungfu::BYTECODE_STUB_END_ID);
+
+        options2.SetAsmOpcodeDisableRange("@,@");
+        options2.ParseAsmInterOption();
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleStart == 0);
+        EXPECT_TRUE(options2.GetAsmInterParsedOption().handleEnd == kungfu::BYTECODE_STUB_END_ID);
+
        JSNApi::DestroyJSVM(ecmaVm2);
    });
    t1.join();