Security: Avoid bad range check pattern #1752
Assignees
Labels
area-vm
Use area-vm for VM related issues, including code coverage, and the AOT and JIT backends.
type-security
Comments
|
Added Security label. |
|
Set owner to @turnidge. |
|
Removed Priority-Medium label. |
|
Removed this from the M5 milestone. |
turnidge
added
Type-Defect
area-vm
|
// Perform a range check, checking if |
copybara-service bot
pushed a commit
that referenced
this issue
Nov 7, 2022
… webdev Revisions updated by `dart tools/rev_sdk_deps.dart`. crypto (https://github.com/dart-lang/crypto/compare/7cf89d3..e175a95): e175a95 2022-11-03 Devon Carew refactor tests to use a more compact encoding (#134) dartdoc (https://github.com/dart-lang/dartdoc/compare/179ada0..4b2e01b): 4b2e01b6 2022-11-03 Sam Rawlins Deprecate many elements on ModelElement (#3218) 60cc024a 2022-11-03 Sam Rawlins Make some logging APIs non-nullable (#3245) 01c55118 2022-11-03 István Soós Command-line arguments for limit max file count or total size. (#3231) file (https://github.com/google/file.dart/compare/b2e31cb..b768f79): b768f79 2022-11-07 Devon Carew add dependabot; run the CI weekly (#203) intl (https://github.com/dart-lang/intl/compare/dda8ade..442193c): 442193c 2022-11-07 Fernando Andrade Fix typo on readme (#506) shelf (https://github.com/dart-lang/shelf/compare/592656f..5fd2593): 5fd2593 2022-11-07 Kevin Moore latest mono_repo d1d8dc5 2022-11-07 Kevin Moore shelf: fix lints (#307) 64255e5 2022-11-03 Nate Bosch Prepare to publish shelf_web_socket (#305) test (https://github.com/dart-lang/test/compare/173a36f..f3fb3ab): f3fb3ab6 2022-11-05 stnamco add lack of description to configuration document (#1782) test_descriptor (https://github.com/dart-lang/test_descriptor/compare/66f14ce..13dbc20): 13dbc20 2022-11-07 Kevin Moore update lints (#45) webdev (https://github.com/dart-lang/webdev/compare/069b870..47c1c33): 47c1c33 2022-11-04 Anna Gringauze Added issue references and removed unused library (#1752) 542db40 2022-11-04 Anna Gringauze Update analysis options in dwds (#1777) 1a36ec8 2022-11-03 Elliott Brooks (she/her) Send debug info from injected client to the debug extension (#1772) Change-Id: I65dca831c71fa9487d663cc2a808b78b64424072 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/268360 Auto-Submit: Devon Carew <devoncarew@google.com> Commit-Queue: Devon Carew <devoncarew@google.com> Reviewed-by: Kevin Moore <kevmoo@google.com> Commit-Queue: Kevin Moore <kevmoo@google.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The following are two examples of code that uses a bad range check pattern:
intptr_t offset,
uint8_t* native_array,
intptr_t length) {
Isolate* isolate = Isolate::Current();
DARTSCOPE(isolate);
const Object& obj = Object::Handle(Api::UnwrapHandle(list));
if (obj.IsArray()) {
Array& array_obj = Array::Handle();
array_obj ^= obj.raw();
if ((offset + length) <= array_obj.Length()) {
Object& element = Object::Handle();
static void RangeCheck(const ByteArray& array, const Smi& index,
intptr_t num_bytes) {
if ((index.Value() < 0) || ((index.Value() + num_bytes) > array.Length())) {
The text was updated successfully, but these errors were encountered: