-
Notifications
You must be signed in to change notification settings - Fork 1.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security: Avoid bad range check pattern #1752
Comments
Added Security label. |
Set owner to @turnidge. |
Removed Priority-Medium label. |
Removed this from the M5 milestone. |
// Perform a range check, checking if |
… webdev Revisions updated by `dart tools/rev_sdk_deps.dart`. crypto (https://github.com/dart-lang/crypto/compare/7cf89d3..e175a95): e175a95 2022-11-03 Devon Carew refactor tests to use a more compact encoding (#134) dartdoc (https://github.com/dart-lang/dartdoc/compare/179ada0..4b2e01b): 4b2e01b6 2022-11-03 Sam Rawlins Deprecate many elements on ModelElement (#3218) 60cc024a 2022-11-03 Sam Rawlins Make some logging APIs non-nullable (#3245) 01c55118 2022-11-03 István Soós Command-line arguments for limit max file count or total size. (#3231) file (https://github.com/google/file.dart/compare/b2e31cb..b768f79): b768f79 2022-11-07 Devon Carew add dependabot; run the CI weekly (#203) intl (https://github.com/dart-lang/intl/compare/dda8ade..442193c): 442193c 2022-11-07 Fernando Andrade Fix typo on readme (#506) shelf (https://github.com/dart-lang/shelf/compare/592656f..5fd2593): 5fd2593 2022-11-07 Kevin Moore latest mono_repo d1d8dc5 2022-11-07 Kevin Moore shelf: fix lints (#307) 64255e5 2022-11-03 Nate Bosch Prepare to publish shelf_web_socket (#305) test (https://github.com/dart-lang/test/compare/173a36f..f3fb3ab): f3fb3ab6 2022-11-05 stnamco add lack of description to configuration document (#1782) test_descriptor (https://github.com/dart-lang/test_descriptor/compare/66f14ce..13dbc20): 13dbc20 2022-11-07 Kevin Moore update lints (#45) webdev (https://github.com/dart-lang/webdev/compare/069b870..47c1c33): 47c1c33 2022-11-04 Anna Gringauze Added issue references and removed unused library (#1752) 542db40 2022-11-04 Anna Gringauze Update analysis options in dwds (#1777) 1a36ec8 2022-11-03 Elliott Brooks (she/her) Send debug info from injected client to the debug extension (#1772) Change-Id: I65dca831c71fa9487d663cc2a808b78b64424072 Reviewed-on: https://dart-review.googlesource.com/c/sdk/+/268360 Auto-Submit: Devon Carew <devoncarew@google.com> Commit-Queue: Devon Carew <devoncarew@google.com> Reviewed-by: Kevin Moore <kevmoo@google.com> Commit-Queue: Kevin Moore <kevmoo@google.com>
The following are two examples of code that uses a bad range check pattern:
intptr_t offset,
uint8_t* native_array,
intptr_t length) {
Isolate* isolate = Isolate::Current();
DARTSCOPE(isolate);
const Object& obj = Object::Handle(Api::UnwrapHandle(list));
if (obj.IsArray()) {
Array& array_obj = Array::Handle();
array_obj ^= obj.raw();
if ((offset + length) <= array_obj.Length()) {
Object& element = Object::Handle();
static void RangeCheck(const ByteArray& array, const Smi& index,
intptr_t num_bytes) {
if ((index.Value() < 0) || ((index.Value() + num_bytes) > array.Length())) {
The text was updated successfully, but these errors were encountered: