Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: ExternalOneByteStringResource is not guaranteed to be valid UTF-8 #1532

Merged
merged 2 commits into from
Jul 20, 2024
Merged

fix: ExternalOneByteStringResource is not guaranteed to be valid UTF-8 #1532

merged 2 commits into from
Jul 20, 2024

Conversation

aapoalas
Copy link
Contributor

@aapoalas aapoalas commented Jul 18, 2024
edited
Loading

A subtle unsoundness / undefined behaviour made its way into the fairly recently added ExternalOneByteStringResource object: The as_str API is not sound as the data inside may be be Latin-1, not ASCII.

As the API was not used anywhere in deno or deno_core, I opted to simply remove it and replace it with an as_bytes API. I also modified the test to showcase the Latin-1 string case and added copious notes and explanations around the code to make sure this doesn't accidentally happen again. The likely reason why the API originally slipped in is because the OneByteConst has this API where it is safe because the OneByteConst creation checks the data for ASCII-ness.

I also tried to add an API to extract an Option<&'static OneByteConst> from an &ExternalOneByteStringResource but run into rust-lang/rust#119618 ie. OneByteConst is actually duplicating the vtables... which is not great.

Closes #1531

@bartlomieju
Copy link
Member

Closes #1531?

@aapoalas
Copy link
Contributor Author

Closes #1531?

Oh, yes

0f-0b
0f-0b reviewed Jul 19, 2024
View reviewed changes
src/string.rs Outdated Show resolved Hide resolved
bartlomieju
bartlomieju approved these changes Jul 19, 2024
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM provided that the answer to #1532 (comment) is "yes"

@aapoalas
Copy link
Contributor Author

LGTM provided that the answer to #1532 (comment) is "yes"

I couldn't give a full "yes" so I fixed the code to check for length being zero. If length is zero, then the pointer could also theoretically be null.

@bartlomieju bartlomieju merged commit 7b6451a into denoland:main Jul 20, 2024
16 checks passed
@bartlomieju bartlomieju mentioned this pull request Jul 22, 2024
Merged
bartlomieju added a commit to denoland/deno_core that referenced this pull request Jul 22, 2024
@bartlomieju
chore: upgrade rusty_v8 to 0.98.2 (#835)
19d2d60 
Includes:
- denoland/rusty_v8#1532
- denoland/rusty_v8#1533

Closes #834
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@0f-0b 0f-0b 0f-0b left review comments

@bartlomieju bartlomieju bartlomieju approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

ExternalOneByteStringResource::as_str is unsound
3 participants
@aapoalas @bartlomieju @0f-0b