Skip to content

Commit

Permalink
src: perform bounds checking on error source line
Browse files Browse the repository at this point in the history
Fixes: #33578

PR-URL: #33645
Reviewed-By: Rich Trott <[email protected]>
  • Loading branch information
addaleax committed Jun 9, 2020
1 parent 35871c3 commit 4678e44
Showing 1 changed file with 8 additions and 3 deletions.
11 changes: 8 additions & 3 deletions src/node_errors.cc
Original file line number Diff line number Diff line change
Expand Up @@ -55,19 +55,18 @@ static std::string GetErrorSource(Isolate* isolate,
MaybeLocal<String> source_line_maybe = message->GetSourceLine(context);
node::Utf8Value encoded_source(isolate, source_line_maybe.ToLocalChecked());
std::string sourceline(*encoded_source, encoded_source.length());
*added_exception_line = false;

// If source maps have been enabled, the exception line will instead be
// added in the JavaScript context:
Environment* env = Environment::GetCurrent(isolate);
const bool has_source_map_url =
!message->GetScriptOrigin().SourceMapUrl().IsEmpty();
if (has_source_map_url && env->source_maps_enabled()) {
*added_exception_line = false;
return sourceline;
}

if (sourceline.find("node-do-not-add-exception-line") != std::string::npos) {
*added_exception_line = false;
return sourceline;
}

Expand Down Expand Up @@ -114,6 +113,13 @@ static std::string GetErrorSource(Isolate* isolate,
linenum,
sourceline.c_str());
CHECK_GT(buf.size(), 0);
*added_exception_line = true;

if (start > end ||
start < 0 ||
static_cast<size_t>(end) > sourceline.size()) {
return buf;
}

constexpr int kUnderlineBufsize = 1020;
char underline_buf[kUnderlineBufsize + 4];
Expand All @@ -136,7 +142,6 @@ static std::string GetErrorSource(Isolate* isolate,
CHECK_LE(off, kUnderlineBufsize);
underline_buf[off++] = '\n';

*added_exception_line = true;
return buf + std::string(underline_buf, off);
}

Expand Down

0 comments on commit 4678e44

Please sign in to comment.