[njs] Fixed Array.prototype.join() with TypeArray instance.
Dmitry Volyntsev
xeioex at nginx.com
Wed Jul 8 13:08:45 UTC 2020
details: https://hg.nginx.org/njs/rev/960402554cc9
branches:
changeset: 1461:960402554cc9
user: Dmitry Volyntsev <xeioex at nginx.com>
date: Wed Jul 08 13:07:05 2020 +0000
description:
Fixed Array.prototype.join() with TypeArray instance.
Found by Clang static analyzer.
The issue was introduced in ccfa84cea2b3.
diffstat:
src/njs_array.c | 3 ++-
src/test/njs_unit_test.c | 14 +++++++++++---
2 files changed, 13 insertions(+), 4 deletions(-)
diffs (40 lines):
diff -r 69dac13b47b6 -r 960402554cc9 src/njs_array.c
--- a/src/njs_array.c Wed Jul 08 13:07:03 2020 +0000
+++ b/src/njs_array.c Wed Jul 08 13:07:05 2020 +0000
@@ -1609,7 +1609,8 @@ njs_array_prototype_join(njs_vm_t *vm, n
njs_chb_init(&chain, vm->mem_pool);
for (i = 0; i < len; i++) {
- if (njs_fast_path(njs_object(this)->fast_array
+ if (njs_fast_path(array != NULL
+ && array->object.fast_array
&& njs_is_valid(&array->start[i])))
{
value = &array->start[i];
diff -r 69dac13b47b6 -r 960402554cc9 src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c Wed Jul 08 13:07:03 2020 +0000
+++ b/src/test/njs_unit_test.c Wed Jul 08 13:07:05 2020 +0000
@@ -3973,12 +3973,20 @@ static njs_unit_test_t njs_test[] =
njs_str(",,,false,true,0,1") },
{ njs_str("var o = { toString: function() { return null } };"
- "[o].join()"),
+ "[o].join()"),
njs_str("null") },
{ njs_str("var o = { toString: function() { return undefined } };"
- "[o].join()"),
- njs_str("undefined") },
+ "[o].join()"),
+ njs_str("undefined") },
+
+ { njs_str("var a = [0,,2,3];"
+ "Object.defineProperty(Array.prototype, 1, {get: ()=> {a[32] = 32; return 1}, configurable:true});"
+ "a.join()"),
+ njs_str("0,1,2,3") },
+
+ { njs_str("Array.prototype.join.call(new Uint8Array([0,1,2]))"),
+ njs_str("0,1,2") },
{ njs_str("var a = []; a[5] = 5; a"),
njs_str(",,,,,5") },
More information about the nginx-devel
mailing list