Timestamp:
Feb 28, 2018, 8:38:31 AM (7 years ago)
Author:
Yusuke Suzuki
Message:

JSC crash with import("")
https://bugs.webkit.org/show_bug.cgi?id=183175

Reviewed by Saam Barati.

JSTests:

  • stress/import-with-empty-string.js: Added.

Source/JavaScriptCore:

Add file existence and file type check for module loader implementation in jsc.cpp.
This is not safe against TOCTOU races, but that is acceptable since this functionality is used by the
JSC shell (jsc.cpp) for testing purposes.

  • jsc.cpp:

(fillBufferWithContentsOfFile):
(fetchModuleFromLocalFileSystem):

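--- a/trunk/Source/JavaScriptCore/jsc.cpp
+++ b/trunk/Source/JavaScriptCore/jsc.cpp
@@ -78,4 +78,6 @@
 #include <stdlib.h>
 #include <string.h>
+#include <sys/stat.h>
+#include <sys/types.h>
 #include <thread>
 #include <type_traits>
@@ -854,10 +856,14 @@
 static RefPtr<Uint8Array> fillBufferWithContentsOfFile(FILE* file)
 {
-    fseek(file, 0, SEEK_END);
-    size_t bufferCapacity = ftell(file);
-    fseek(file, 0, SEEK_SET);
+    if (fseek(file, 0, SEEK_END) == -1)
+        return nullptr;
+    long bufferCapacity = ftell(file);
+    if (bufferCapacity == -1)
+        return nullptr;
+    if (fseek(file, 0, SEEK_SET) == -1)
+        return nullptr;
     RefPtr<Uint8Array> result = Uint8Array::create(bufferCapacity);
     size_t readSize = fread(result->data(), 1, bufferCapacity, file);
-    if (readSize != bufferCapacity)
+    if (readSize != static_cast<size_t>(bufferCapacity))
         return nullptr;
     return result;
@@ -882,7 +888,11 @@
     // We might have injected "use strict"; at the top.
     size_t initialSize = buffer.size();
-    fseek(file, 0, SEEK_END);
-    size_t bufferCapacity = ftell(file);
-    fseek(file, 0, SEEK_SET);
+    if (fseek(file, 0, SEEK_END) == -1)
+        return false;
+    long bufferCapacity = ftell(file);
+    if (bufferCapacity == -1)
+        return false;
+    if (fseek(file, 0, SEEK_SET) == -1)
+        return false;
     buffer.resize(bufferCapacity + initialSize);
     size_t readSize = fread(buffer.data() + initialSize, 1, buffer.size(), file);
@@ -919,7 +929,21 @@
     // Use long UNC to pass the long path name to the Windows APIs.
     String longUNCPathName = WTF::makeString("\\\\?\\", fileName);
-    FILE* f = _wfopen(stringToNullTerminatedWChar(longUNCPathName).data(), L"rb");
+    auto pathName = stringToNullTerminatedWChar(longUNCPathName);
+    struct _stat status { };
+    if (_wstat(pathName.data(), &status))
+        return false;
+    if ((status.st_mode & S_IFMT) != S_IFREG)
+        return false;
+
+    FILE* f = _wfopen(pathName.data(), L"rb");
 #else
-    FILE* f = fopen(fileName.utf8().data(), "r");
+    auto pathName = fileName.utf8();
+    struct stat status { };
+    if (stat(pathName.data(), &status))
+        return false;
+    if ((status.st_mode & S_IFMT) != S_IFREG)
+        return false;
+
+    FILE* f = fopen(pathName.data(), "r");
 #endif
     if (!f) {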
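Review bot: In the third hunk (new line 898) the fread count is `buffer.size()`, which after the resize on the line above equals `bufferCapacity + initialSize`, yet the destination `buffer.data() + initialSize` only has `bufferCapacity` bytes left; if the file grew between the new ftell and the fread, up to `initialSize` bytes would be written past the end of the vector. The count should be the capacity that was just measured, `size_t readSize = fread(buffer.data() + initialSize, 1, bufferCapacity, file);`, so the read can never exceed the space reserved for it regardless of what the file does in between. The readSize comparison that follows is outside the hunk and presumably needs to agree with the new count. The enclosing function starts and ends outside the hunk.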