runtime/bin/process.cc - Issue 10690160: Guard against integer overflow in process constructor.

Side by Side Diff: runtime/bin/process.cc

Issue 10690160: Guard against integer overflow in process constructor. (Closed) Base URL: https://dart.googlecode.com/svn/branches/bleeding_edge/dart

Patch Set: Created 8 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file	1 // Copyright (c) 2012, the Dart project authors. Please see the AUTHORS file

2 // for details. All rights reserved. Use of this source code is governed by a	2 // for details. All rights reserved. Use of this source code is governed by a

3 // BSD-style license that can be found in the LICENSE file.	3 // BSD-style license that can be found in the LICENSE file.

4	4

5 #include "bin/dartutils.h"	5 #include "bin/dartutils.h"

6 #include "bin/process.h"	6 #include "bin/process.h"

7	7

8 #include "include/dart_api.h"	8 #include "include/dart_api.h"

9	9

10 // Extract an array of C strings from a list of Dart strings.	10 // Extract an array of C strings from a list of Dart strings.

11 static char** ExtractCStringList(Dart_Handle strings,	11 static char** ExtractCStringList(Dart_Handle strings,

12 Dart_Handle status_handle,	12 Dart_Handle status_handle,

13 const char* error_msg,	13 const char* error_msg,

14 intptr_t* length) {	14 intptr_t* length) {

	15 static const intptr_t kMaxArgumentListLength = 1024 * 1024;

15 ASSERT(Dart_IsList(strings));	16 ASSERT(Dart_IsList(strings));

16 intptr_t len = 0;	17 intptr_t len = 0;

17 Dart_Handle result = Dart_ListLength(strings, &len);	18 Dart_Handle result = Dart_ListLength(strings, &len);

18 if (Dart_IsError(result)) {	19 if (Dart_IsError(result)) {

19 Dart_PropagateError(result);	20 Dart_PropagateError(result);

20 }	21 }

	22 // Protect against user-defined list implementations that can have

	23 // arbitrary length.

	24 if (len < 0 \|\| len > kMaxArgumentListLength) {

	25 DartUtils::SetIntegerField(status_handle, "_errorCode", 0);

	26 DartUtils::SetStringField(

	27 status_handle, "_errorMessage", "Max argument list length exceeded");

	28 return NULL;

	29 }

21 *length = len;	30 *length = len;

22 char** string_args = new char*[len];	31 char** string_args = new char*[len];

23 for (int i = 0; i < len; i++) {	32 for (int i = 0; i < len; i++) {

24 Dart_Handle arg = Dart_ListGetAt(strings, i);	33 Dart_Handle arg = Dart_ListGetAt(strings, i);

25 if (Dart_IsError(arg)) {	34 if (Dart_IsError(arg)) {

26 delete[] string_args;	35 delete[] string_args;

27 Dart_PropagateError(arg);	36 Dart_PropagateError(arg);

28 }	37 }

29 if (!Dart_IsString(arg)) {	38 if (!Dart_IsString(arg)) {

30 DartUtils::SetIntegerField(status_handle, "_errorCode", 0);	39 DartUtils::SetIntegerField(status_handle, "_errorCode", 0);

(...skipping 114 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
145	154

146	155

147 void FUNCTION_NAME(Process_Kill)(Dart_NativeArguments args) {	156 void FUNCTION_NAME(Process_Kill)(Dart_NativeArguments args) {

148 Dart_EnterScope();	157 Dart_EnterScope();

149 intptr_t pid = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 1));	158 intptr_t pid = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 1));

150 int signal = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 2));	159 int signal = DartUtils::GetIntegerValue(Dart_GetNativeArgument(args, 2));

151 bool success = Process::Kill(pid, signal);	160 bool success = Process::Kill(pid, signal);

152 Dart_SetReturnValue(args, Dart_NewBoolean(success));	161 Dart_SetReturnValue(args, Dart_NewBoolean(success));

153 Dart_ExitScope();	162 Dart_ExitScope();

154 }	163 }

OLD	NEW

« no previous file with comments | « no previous file | no next file » | no next file with comments »