From e53c55e1e20eb8545d0a165c520bf11bd5b14624 Mon Sep 17 00:00:00 2001 From: Dmitry Volyntsev Date: Mon, 29 Aug 2022 21:09:12 -0700 Subject: [PATCH] Fixed njs_value_to_string() with non-writable dst argument. njs_arg(args, nargs, N) returns a pointer to Nth argument OR a pointer to undefined constant value njs_value_undefined if N >= nargs. njs_value_to_string() writes to a dst argument its result. This means that it is incorrect to use value of njs_arg() directly as a second argument to njs_value_to_string(). This closes #570 issue on Github. --- external/njs_webcrypto_module.c | 9 +++++---- src/njs_number.c | 8 ++++---- src/njs_symbol.c | 4 ++-- src/test/njs_unit_test.c | 9 +++++++++ 4 files changed, 20 insertions(+), 10 deletions(-) diff --git a/external/njs_webcrypto_module.c b/external/njs_webcrypto_module.c index da8ecb92..dc9aa1b6 100644 --- a/external/njs_webcrypto_module.c +++ b/external/njs_webcrypto_module.c @@ -2486,8 +2486,9 @@ njs_webcrypto_cleanup_pkey(void *data) static njs_webcrypto_key_format_t njs_key_format(njs_vm_t *vm, njs_value_t *value, njs_str_t *format) { - njs_int_t ret; - njs_uint_t fmt; + njs_int_t ret; + njs_uint_t fmt; + njs_value_t string; static const struct { njs_str_t name; @@ -2499,12 +2500,12 @@ njs_key_format(njs_vm_t *vm, njs_value_t *value, njs_str_t *format) { njs_str("jwk"), NJS_KEY_FORMAT_JWK }, }; - ret = njs_value_to_string(vm, value, value); + ret = njs_value_to_string(vm, &string, value); if (njs_slow_path(ret != NJS_OK)) { return NJS_ERROR; } - njs_string_get(value, format); + njs_string_get(&string, format); fmt = 0; diff --git a/src/njs_number.c b/src/njs_number.c index f1079616..14a7750e 100644 --- a/src/njs_number.c +++ b/src/njs_number.c @@ -1068,13 +1068,13 @@ njs_number_parse_int(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, int32_t radix; njs_int_t ret; njs_bool_t minus, test_prefix; - njs_value_t *value; + njs_value_t *value, lvalue; const u_char *p, *end; njs_string_prop_t string; num = NAN; - value = njs_arg(args, nargs, 1); + value = njs_lvalue_arg(&lvalue, args, nargs, 1); ret = njs_value_to_string(vm, value, value); if (njs_slow_path(ret != NJS_OK)) { @@ -1146,9 +1146,9 @@ njs_number_parse_float(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, njs_index_t unused) { njs_int_t ret; - njs_value_t *value; + njs_value_t *value, lvalue; - value = njs_arg(args, nargs, 1); + value = njs_lvalue_arg(&lvalue, args, nargs, 1); ret = njs_value_to_string(vm, value, value); if (njs_slow_path(ret != NJS_OK)) { diff --git a/src/njs_symbol.c b/src/njs_symbol.c index fe2f3639..f2898b29 100644 --- a/src/njs_symbol.c +++ b/src/njs_symbol.c @@ -151,11 +151,11 @@ njs_symbol_for(njs_vm_t *vm, njs_value_t *args, njs_uint_t nargs, { uint64_t key; njs_int_t ret; - njs_value_t *value; + njs_value_t *value, lvalue; njs_rbtree_node_t *rb_node; njs_rb_symbol_node_t *node; - value = njs_arg(args, nargs, 1); + value = njs_lvalue_arg(&lvalue, args, nargs, 1); if (njs_slow_path(!njs_is_string(value))) { ret = njs_value_to_string(vm, value, value); diff --git a/src/test/njs_unit_test.c b/src/test/njs_unit_test.c index 521814a7..287ddda2 100644 --- a/src/test/njs_unit_test.c +++ b/src/test/njs_unit_test.c @@ -13062,6 +13062,9 @@ static njs_unit_test_t njs_test[] = { njs_str("Symbol.for({toString: () => 'desc'}).description"), njs_str("desc") }, + { njs_str("Symbol.for().toString()"), + njs_str("Symbol(undefined)") }, + { njs_str("Symbol.for('desc') === Symbol.for('desc')"), njs_str("true") }, @@ -16910,6 +16913,9 @@ static njs_unit_test_t njs_test[] = { njs_str("parseInt.length"), njs_str("2") }, + { njs_str("parseInt()"), + njs_str("NaN") }, + { njs_str("parseInt('12345abc')"), njs_str("12345") }, @@ -16994,6 +17000,9 @@ static njs_unit_test_t njs_test[] = { njs_str("parseFloat('12345abc')"), njs_str("12345") }, + { njs_str("parseFloat()"), + njs_str("NaN") }, + { njs_str("parseFloat('')"), njs_str("NaN") }, -- 2.47.3