[njs] Fixed processing of large array indexes.
Igor Sysoev
igor at sysoev.ru
Fri Jun 23 12:29:02 UTC 2017
details: http://hg.nginx.org/njs/rev/e33bea39c650
branches:
changeset: 376:e33bea39c650
user: Igor Sysoev <igor at sysoev.ru>
date: Fri Jun 23 15:27:28 2017 +0300
description:
Fixed processing of large array indexes.
diffstat:
njs/njs_vm.c | 13 +++++++------
njs/test/njs_unit_test.c | 3 +++
2 files changed, 10 insertions(+), 6 deletions(-)
diffs (53 lines):
diff -r 44ca33e6afdb -r e33bea39c650 njs/njs_vm.c
--- a/njs/njs_vm.c Thu Jun 22 18:56:26 2017 +0300
+++ b/njs/njs_vm.c Fri Jun 23 15:27:28 2017 +0300
@@ -73,7 +73,7 @@ struct njs_property_next_s {
static nxt_noinline njs_ret_t njs_property_query(njs_vm_t *vm,
njs_property_query_t *pq, njs_value_t *object, njs_value_t *property);
static njs_ret_t njs_array_property_query(njs_vm_t *vm,
- njs_property_query_t *pq, njs_value_t *object, int32_t index);
+ njs_property_query_t *pq, njs_value_t *object, uint32_t index);
static njs_ret_t njs_object_property_query(njs_vm_t *vm,
njs_property_query_t *pq, njs_value_t *value, njs_object_t *object);
static njs_ret_t njs_method_private_copy(njs_vm_t *vm,
@@ -1054,21 +1054,22 @@ njs_property_query(njs_vm_t *vm, njs_pro
static njs_ret_t
njs_array_property_query(njs_vm_t *vm, njs_property_query_t *pq,
- njs_value_t *object, int32_t index)
+ njs_value_t *object, uint32_t index)
{
- int32_t size;
+ uint32_t size;
njs_ret_t ret;
njs_value_t *value;
njs_array_t *array;
array = object->data.u.array;
- size = index - array->length;
-
- if (size >= 0) {
+
+ if (index >= array->length) {
if (pq->query != NJS_PROPERTY_QUERY_SET) {
return NXT_DECLINED;
}
+ size = index - array->length;
+
ret = njs_array_expand(vm, array, 0, size + 1);
if (nxt_slow_path(ret != NXT_OK)) {
return ret;
diff -r 44ca33e6afdb -r e33bea39c650 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c Thu Jun 22 18:56:26 2017 +0300
+++ b/njs/test/njs_unit_test.c Fri Jun 23 15:27:28 2017 +0300
@@ -2487,6 +2487,9 @@ static njs_unit_test_t njs_test[] =
{ nxt_string("var a = [ 1, 2, 3 ]; a[4294967296] = 4; a + a[4294967296]"),
nxt_string("1,2,34") },
+ { nxt_string("delete[]['4e9']"),
+ nxt_string("false") },
+
{ nxt_string("var n = 1, a = [ n += 1 ]; a"),
nxt_string("2") },
More information about the nginx-devel
mailing list