
Commit 8a3bcf6

committed
[BugFix] fix bignum's overflow
issue: f-5925102193
1 parent 65c48e6 commit 8a3bcf6

4 files changed

Lines changed: 32 additions & 14 deletions


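--- a/src/interpreter/quickjs/source/bignum.cc
+++ b/src/interpreter/quickjs/source/bignum.cc
@@ -1040,7 +1040,8 @@ int js_bigint_cmp(LEPUSContext *ctx, const JSBigInt *a, const JSBigInt *b) {
 = 10, 2, 8 or 16. */
 JSBigInt *js_bigint_from_string(LEPUSContext *ctx, const char *str, int radix) {
 const char *p = str;
-int is_neg, n_digits, n_limbs, len, log2_radix, n_bits, i;
+int is_neg, log2_radix;
+size_t n_digits, n_bits, len, i, n_limbs;
 JSBigInt *r;
 js_limb_t v, c, h;
 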
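Review bot: Changing `i` and `len` to size_t is only safe if no loop in the body counts `i` down against a signed-style bound (`i >= 0` never becomes false for an unsigned type, and `len - 1` wraps when `len == 0`); the body of js_bigint_from_string lies entirely outside this hunk, so every loop over those variables should be re-read against the new types. Widening the counters also moves the overflow point rather than removing it: the bit count derived from `n_digits` still has to be representable by the later limb-count arithmetic and the allocation it feeds, so an explicit cap on the digit count that fails with a RangeError before anything is allocated would bound the memory a very long literal can consume. A short comment on the new declarations would record why the types are now mixed, e.g. `/* size_t: the bit count derived from n_digits overflowed int for ~8e7-digit decimal literals (BigIntOverFlow test) */`.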

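--- a/src/interpreter/quickjs/source/quickjs.cc
+++ b/src/interpreter/quickjs/source/quickjs.cc
@@ -13618,7 +13618,7 @@ QJS_STATIC LEPUSValue js_call_c_function(LEPUSContext *ctx,
 if (unlikely(argc < arg_count)) {
 /* ensure that at least argc_count arguments are readable */
 #ifdef ENABLE_VIRTUAL_STACK
-size_t alloca_size = sizeof(arg_buf[0]) * arg_count;
+alloca_size = sizeof(arg_buf[0]) * arg_count;
 arg_buf = js_get_virtual_sp(alloca_size);
 if (!arg_buf) {
 return JS_ThrowStackOverflow(ctx);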

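--- a/testing/quickjs/compiler/qjs.cc
+++ b/testing/quickjs/compiler/qjs.cc
@@ -167,18 +167,20 @@ int main(int argc, char **argv) {
 lepus_std_add_helpers(ctx, 0, NULL);
 
 LEPUSValue global_obj = LEPUS_GetGlobalObject(ctx);
-LEPUSValue cfunc = LEPUS_NewCFunction(ctx, js_std_load_file, "read", 1);
-HandleScope func_scope(ctx, &cfunc, HANDLE_TYPE_LEPUS_VALUE);
-LEPUS_SetPropertyStr(ctx, global_obj, "read", cfunc);
-cfunc = LEPUS_NewCFunction(
-ctx,
-[](LEPUSContext *ctx, LEPUSValue this_obj, int32_t argc,
-LEPUSValue *argv) {
-LEPUS_RunGC(LEPUS_GetRuntime(ctx));
-return LEPUS_UNDEFINED;
-},
-"", 0);
-LEPUS_SetPropertyStr(ctx, global_obj, "gc", cfunc);
+{
+LEPUSValue cfunc = LEPUS_NewCFunction(ctx, js_std_load_file, "read", 1);
+HandleScope func_scope(ctx, &cfunc, HANDLE_TYPE_LEPUS_VALUE);
+LEPUS_SetPropertyStr(ctx, global_obj, "read", cfunc);
+cfunc = LEPUS_NewCFunction(
+ctx,
+[](LEPUSContext *ctx, LEPUSValue this_obj, int32_t argc,
+LEPUSValue *argv) {
+LEPUS_RunGC(LEPUS_GetRuntime(ctx));
+return LEPUS_UNDEFINED;
+},
+"", 0);
+LEPUS_SetPropertyStr(ctx, global_obj, "gc", cfunc);
+}
 if (!LEPUS_IsGCMode(ctx)) {
 LEPUS_FreeValue(ctx, global_obj);
 }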

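--- a/testing/quickjs/compiler/test_common.cc
+++ b/testing/quickjs/compiler/test_common.cc
@@ -1467,4 +1467,19 @@ TEST_F(CommonQjsTest, NotAFunctionException) {
 }
 }
 
+TEST_F(CommonQjsTest, BigIntOverFlow) {
+std::string src = R"(
+const len = 79536432;
+console.log("Creating string of length " + len);
+let digits = '1'.repeat(len);
+console.log("String created. Calling BigInt().");
+let b = BigInt(digits); // Radix 10
+console.log("BigInt created.");
+)";
+
+auto ret = LEPUS_Eval(ctx_, src.c_str(), src.size(), "test.js",
+LEPUS_EVAL_TYPE_GLOBAL);
+if (!ctx_->gc_enable) LEPUS_FreeValue(ctx_, ret);
+}
+
 } // namespace common_qjs_test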
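Review bot: The new test never checks the outcome of `LEPUS_Eval`, so it passes whether `BigInt(digits)` produced a value, threw a RangeError, or returned an exception value — it would only fail on a crash, which is not the regression the commit fixes. Adding `ASSERT_FALSE(LEPUS_IsException(ret));` before the free, and ideally a check inside the script such as `if (b.toString().length !== len) throw new Error("length mismatch");`, would pin the fixed behaviour. The length 79536432 is also a magic number: 79536432 × 27 = 2,147,483,664, just above INT_MAX, which looks like the smallest digit count at which an int-based radix-10 bit estimate wraps — a comment stating that, e.g. `// smallest length whose radix-10 bit estimate (len * 27) exceeds INT_MAX`, would make the choice reproducible (confirm against the estimate actually used in bignum.cc). The script builds an ~80 MB string and converts it, so this test will be slow; if the suite has a convention for marking slow tests, it should use it.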
