[njs] Fixed processing of large array indexes.

Igor Sysoev igor at sysoev.ru
Fri Jun 23 12:29:02 UTC 2017


details:   http://hg.nginx.org/njs/rev/e33bea39c650
branches:  
changeset: 376:e33bea39c650
user:      Igor Sysoev <igor at sysoev.ru>
date:      Fri Jun 23 15:27:28 2017 +0300
description:
Fixed processing of large array indexes.

diffstat:

 njs/njs_vm.c             |  13 +++++++------
 njs/test/njs_unit_test.c |   3 +++
 2 files changed, 10 insertions(+), 6 deletions(-)

diffs (53 lines):

diff -r 44ca33e6afdb -r e33bea39c650 njs/njs_vm.c
--- a/njs/njs_vm.c	Thu Jun 22 18:56:26 2017 +0300
+++ b/njs/njs_vm.c	Fri Jun 23 15:27:28 2017 +0300
@@ -73,7 +73,7 @@ struct njs_property_next_s {
 static nxt_noinline njs_ret_t njs_property_query(njs_vm_t *vm,
     njs_property_query_t *pq, njs_value_t *object, njs_value_t *property);
 static njs_ret_t njs_array_property_query(njs_vm_t *vm,
-    njs_property_query_t *pq, njs_value_t *object, int32_t index);
+    njs_property_query_t *pq, njs_value_t *object, uint32_t index);
 static njs_ret_t njs_object_property_query(njs_vm_t *vm,
     njs_property_query_t *pq, njs_value_t *value, njs_object_t *object);
 static njs_ret_t njs_method_private_copy(njs_vm_t *vm,
@@ -1054,21 +1054,22 @@ njs_property_query(njs_vm_t *vm, njs_pro
 
 static njs_ret_t
 njs_array_property_query(njs_vm_t *vm, njs_property_query_t *pq,
-    njs_value_t *object, int32_t index)
+    njs_value_t *object, uint32_t index)
 {
-    int32_t      size;
+    uint32_t     size;
     njs_ret_t    ret;
     njs_value_t  *value;
     njs_array_t  *array;
 
     array = object->data.u.array;
-    size = index - array->length;
-
-    if (size >= 0) {
+
+    if (index >= array->length) {
         if (pq->query != NJS_PROPERTY_QUERY_SET) {
             return NXT_DECLINED;
         }
 
+        size = index - array->length;
+
         ret = njs_array_expand(vm, array, 0, size + 1);
         if (nxt_slow_path(ret != NXT_OK)) {
             return ret;
diff -r 44ca33e6afdb -r e33bea39c650 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c	Thu Jun 22 18:56:26 2017 +0300
+++ b/njs/test/njs_unit_test.c	Fri Jun 23 15:27:28 2017 +0300
@@ -2487,6 +2487,9 @@ static njs_unit_test_t  njs_test[] =
     { nxt_string("var a = [ 1, 2, 3 ]; a[4294967296] = 4; a + a[4294967296]"),
       nxt_string("1,2,34") },
 
+    { nxt_string("delete[]['4e9']"),
+      nxt_string("false") },
+
     { nxt_string("var n = 1, a = [ n += 1 ]; a"),
       nxt_string("2") },
 


More information about the nginx-devel mailing list