github_mirrors/quickjs
3
0
Fork 1
mirror of https://github.com/bellard/quickjs.git synced 2025-09-30 15:04:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

Prevent UB on memcpy and floating point conversions

Browse Source 
- add `memcpy_no_ub` that accepts null pointers for 0 count
- prevent 0 length allocation in `js_worker_postMessage`
- use safer test for `int` value in `JS_NewFloat64`,
  `JS_ToArrayLengthFree` and `js_typed_array_indexOf`
This commit is contained in:
Charlie Gordon
2024-03-03 14:05:40 +01:00
parent 3dd93eb4e4
commit 06c100c9bf
5 changed files with 26 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
quickjs.h
View File

@@ -550,23 +550,21 @@ JSValue JS_NewBigUint64(JSContext *ctx, uint64_t v);
static js_force_inline JSValue JS_NewFloat64(JSContext *ctx, double d)
{
JSValue v;
int32_t val;
union {
double d;
uint64_t u;
} u, t;
u.d = d;
val = (int32_t)d;
t.d = val;
/* -0 cannot be represented as integer, so we compare the bit
representation */
if (u.u == t.u) {
v = JS_MKVAL(JS_TAG_INT, val);
} else {
v = __JS_NewFloat64(ctx, d);
if (d >= INT32_MIN && d <= INT32_MAX) {
u.d = d;
val = (int32_t)d;
t.d = val;
/* -0 cannot be represented as integer, so we compare the bit
representation */
if (u.u == t.u)
return JS_MKVAL(JS_TAG_INT, val);
}
return v;
return __JS_NewFloat64(ctx, d);
}
static inline JS_BOOL JS_IsNumber(JSValueConst v)