mirrors/quickjs
1
0
Fork 0
mirror of https://github.com/bellard/quickjs.git synced 2024-11-22 13:48:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

avoid potentially undefined behavior and make valgrind happy (bnoordhuis) (github issue #153)

Browse Source
This commit is contained in:
Fabrice Bellard 2024-01-08 18:39:26 +01:00
parent 3c2cfabfc7
commit c3635861f6
1 changed files with 12 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
quickjs.c
View File

@ -7905,47 +7905,45 @@ static JSValue JS_GetPropertyValue(JSContext *ctx, JSValueConst this_obj,
if (likely(JS_VALUE_GET_TAG(this_obj) == JS_TAG_OBJECT && if (likely(JS_VALUE_GET_TAG(this_obj) == JS_TAG_OBJECT &&
JS_VALUE_GET_TAG(prop) == JS_TAG_INT)) { JS_VALUE_GET_TAG(prop) == JS_TAG_INT)) {
JSObject *p; JSObject *p;
uint32_t idx, len; uint32_t idx;
/* fast path for array access */ /* fast path for array access */
p = JS_VALUE_GET_OBJ(this_obj); p = JS_VALUE_GET_OBJ(this_obj);
idx = JS_VALUE_GET_INT(prop); idx = JS_VALUE_GET_INT(prop);
/* Note: this code works even if 'p->u.array.count' is not
initialized. There are two cases:
- 'p' is an array-like object. 'p->u.array.count' is
initialized so the slow_path is taken when the index is
out of bounds.
- 'p' is not an array-like object. 'p->u.array.count' has
any value and potentially not initialized. In all the cases
(idx >= len or idx < len) the slow path is taken as
expected.
*/
len = (uint32_t)p->u.array.count;
if (unlikely(idx >= len))
goto slow_path;
switch(p->class_id) { switch(p->class_id) {
case JS_CLASS_ARRAY: case JS_CLASS_ARRAY:
case JS_CLASS_ARGUMENTS: case JS_CLASS_ARGUMENTS:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_DupValue(ctx, p->u.array.u.values[idx]); return JS_DupValue(ctx, p->u.array.u.values[idx]);
case JS_CLASS_INT8_ARRAY: case JS_CLASS_INT8_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewInt32(ctx, p->u.array.u.int8_ptr[idx]); return JS_NewInt32(ctx, p->u.array.u.int8_ptr[idx]);
case JS_CLASS_UINT8C_ARRAY: case JS_CLASS_UINT8C_ARRAY:
case JS_CLASS_UINT8_ARRAY: case JS_CLASS_UINT8_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewInt32(ctx, p->u.array.u.uint8_ptr[idx]); return JS_NewInt32(ctx, p->u.array.u.uint8_ptr[idx]);
case JS_CLASS_INT16_ARRAY: case JS_CLASS_INT16_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewInt32(ctx, p->u.array.u.int16_ptr[idx]); return JS_NewInt32(ctx, p->u.array.u.int16_ptr[idx]);
case JS_CLASS_UINT16_ARRAY: case JS_CLASS_UINT16_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewInt32(ctx, p->u.array.u.uint16_ptr[idx]); return JS_NewInt32(ctx, p->u.array.u.uint16_ptr[idx]);
case JS_CLASS_INT32_ARRAY: case JS_CLASS_INT32_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewInt32(ctx, p->u.array.u.int32_ptr[idx]); return JS_NewInt32(ctx, p->u.array.u.int32_ptr[idx]);
case JS_CLASS_UINT32_ARRAY: case JS_CLASS_UINT32_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewUint32(ctx, p->u.array.u.uint32_ptr[idx]); return JS_NewUint32(ctx, p->u.array.u.uint32_ptr[idx]);
case JS_CLASS_BIG_INT64_ARRAY: case JS_CLASS_BIG_INT64_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewBigInt64(ctx, p->u.array.u.int64_ptr[idx]); return JS_NewBigInt64(ctx, p->u.array.u.int64_ptr[idx]);
case JS_CLASS_BIG_UINT64_ARRAY: case JS_CLASS_BIG_UINT64_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return JS_NewBigUint64(ctx, p->u.array.u.uint64_ptr[idx]); return JS_NewBigUint64(ctx, p->u.array.u.uint64_ptr[idx]);
case JS_CLASS_FLOAT32_ARRAY: case JS_CLASS_FLOAT32_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return __JS_NewFloat64(ctx, p->u.array.u.float_ptr[idx]); return __JS_NewFloat64(ctx, p->u.array.u.float_ptr[idx]);
case JS_CLASS_FLOAT64_ARRAY: case JS_CLASS_FLOAT64_ARRAY:
if (unlikely(idx >= p->u.array.count)) goto slow_path;
return __JS_NewFloat64(ctx, p->u.array.u.double_ptr[idx]); return __JS_NewFloat64(ctx, p->u.array.u.double_ptr[idx]);
default: default:
goto slow_path; goto slow_path;