[njs] Fixed njs_value_to_string() with non-writable dst argument.

Dmitry Volyntsev xeioex at nginx.com
Tue Aug 30 04:13:36 UTC 2022


details:   https://hg.nginx.org/njs/rev/456ac02d226e
branches:  
changeset: 1939:456ac02d226e
user:      Dmitry Volyntsev <xeioex at nginx.com>
date:      Mon Aug 29 21:09:12 2022 -0700
description:
Fixed njs_value_to_string() with non-writable dst argument.

njs_arg(args, nargs, N) returns a pointer to Nth argument OR a pointer
to undefined constant value njs_value_undefined if N >= nargs.
njs_value_to_string() writes to a dst argument its result.
This means that it is incorrect to use value of njs_arg() directly
as a second argument to njs_value_to_string().

This closes #570 issue on Github.

diffstat:

 external/njs_webcrypto_module.c |  9 +++++----
 src/njs_number.c                |  8 ++++----
 src/njs_symbol.c                |  4 ++--
 src/test/njs_unit_test.c        |  9 +++++++++
 4 files changed, 20 insertions(+), 10 deletions(-)

diffs (111 lines):

diff -r 907ec4824fa0 -r 456ac02d226e external/njs_webcrypto_module.c
--- a/external/njs_webcrypto_module.c	Mon Aug 29 21:09:11 2022 -0700
+++ b/external/njs_webcrypto_module.c	Mon Aug 29 21:09:12 2022 -0700
@@ -2486,8 +2486,9 @@ njs_webcrypto_cleanup_pkey(void *data)
 static njs_webcrypto_key_format_t
 njs_key_format(njs_vm_t *vm, njs_value_t *value, njs_str_t *format)
 {
-    njs_int_t   ret;
-    njs_uint_t  fmt;
+    njs_int_t    ret;
+    njs_uint_t   fmt;
+    njs_value_t  string;
 
     static const struct {
         njs_str_t   name;
@@ -2499,12 +2500,12 @@ njs_key_format(njs_vm_t *vm, njs_value_t
         { njs_str("jwk"), NJS_KEY_FORMAT_JWK },
     };
 
-    ret = njs_value_to_string(vm, value, value);
+    ret = njs_value_to_string(vm, &string, value);
     if (njs_slow_path(ret != NJS_OK)) {
         return NJS_ERROR;
     }
 
-    njs_string_get(value, format);
+    njs_string_get(&string, format);
 
     fmt = 0;
 
diff -r 907ec4824fa0 -r 456ac02d226e src/njs_number.c
--- a/src/njs_number.c	Mon Aug 29 21:09:11 2022 -0700
+++ b/src/njs_number.c	Mon Aug 29 21:09:12 2022 -0700
@@ -1068,13 +1068,13 @@ njs_number_parse_int(njs_vm_t *vm, njs_v
     int32_t            radix;
     njs_int_t          ret;
     njs_bool_t         minus, test_prefix;
-    njs_value_t        *value;
+    njs_value_t        *value, lvalue;
     const u_char       *p, *end;
     njs_string_prop_t  string;
 
     num = NAN;
 
-    value = njs_arg(args, nargs, 1);
+    value = njs_lvalue_arg(&lvalue, args, nargs, 1);
 
     ret = njs_value_to_string(vm, value, value);
     if (njs_slow_path(ret != NJS_OK)) {
@@ -1146,9 +1146,9 @@ njs_number_parse_float(njs_vm_t *vm, njs
     njs_index_t unused)
 {
     njs_int_t    ret;
-    njs_value_t  *value;
+    njs_value_t  *value, lvalue;
 
-    value = njs_arg(args, nargs, 1);
+    value = njs_lvalue_arg(&lvalue, args, nargs, 1);
 
     ret = njs_value_to_string(vm, value, value);
     if (njs_slow_path(ret != NJS_OK)) {
diff -r 907ec4824fa0 -r 456ac02d226e src/njs_symbol.c
--- a/src/njs_symbol.c	Mon Aug 29 21:09:11 2022 -0700
+++ b/src/njs_symbol.c	Mon Aug 29 21:09:12 2022 -0700
@@ -151,11 +151,11 @@ njs_symbol_for(njs_vm_t *vm, njs_value_t
 {
     uint64_t              key;
     njs_int_t             ret;
-    njs_value_t           *value;
+    njs_value_t           *value, lvalue;
     njs_rbtree_node_t     *rb_node;
     njs_rb_symbol_node_t  *node;
 
-    value = njs_arg(args, nargs, 1);
+    value = njs_lvalue_arg(&lvalue, args, nargs, 1);
 
     if (njs_slow_path(!njs_is_string(value))) {
         ret = njs_value_to_string(vm, value, value);
diff -r 907ec4824fa0 -r 456ac02d226e src/test/njs_unit_test.c
--- a/src/test/njs_unit_test.c	Mon Aug 29 21:09:11 2022 -0700
+++ b/src/test/njs_unit_test.c	Mon Aug 29 21:09:12 2022 -0700
@@ -13062,6 +13062,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("Symbol.for({toString: () => 'desc'}).description"),
       njs_str("desc") },
 
+    { njs_str("Symbol.for().toString()"),
+      njs_str("Symbol(undefined)") },
+
     { njs_str("Symbol.for('desc') === Symbol.for('desc')"),
       njs_str("true") },
 
@@ -16910,6 +16913,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("parseInt.length"),
       njs_str("2") },
 
+    { njs_str("parseInt()"),
+      njs_str("NaN") },
+
     { njs_str("parseInt('12345abc')"),
       njs_str("12345") },
 
@@ -16994,6 +17000,9 @@ static njs_unit_test_t  njs_test[] =
     { njs_str("parseFloat('12345abc')"),
       njs_str("12345") },
 
+    { njs_str("parseFloat()"),
+      njs_str("NaN") },
+
     { njs_str("parseFloat('')"),
       njs_str("NaN") },
 



More information about the nginx-devel mailing list