`Codegen::print_char`, a public API, can be used to construct invalid UTF-8 in safe code. When `Codegen::into_source_text` gets called, `String::from_utf8_unchecked`'s invariants will not be upheld, producing undefined behavior.
I do not think this bug is causing any problem in internal oxc crates. However, `Codegen` and both problematic methods are publicly available to anyone using `oxc_codegen`, and this could introduce unsound code into their projects.
Example:
```rust
use oxc::codegen::Codegen;

fn main() {
    let mut code = Codegen::new();
    // 0xFF is past the ASCII boundary for single-byte UTF-8 code points,
    // so the underlying byte buffer no longer holds valid UTF-8.
    code.print_char(0xFF);
    // Converts with `String::from_utf8_unchecked` on bytes that are not UTF-8.
    let invalid = code.into_source_text();
    let _ = invalid;
}
```
# What This PR Does
Adds `CodeBuffer`, a simple wrapper over a `Vec<u8>` with a protective and reduced API for upholding UTF-8 validity guarantees. Closes #6147.
Note that this struct is actually quite small. Most of the added lines are doc comments.
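The following is an added illustration of the design described above, not the PR's own `CodeBuffer` and not code from oxc: a byte buffer whose every public mutation path can only append valid UTF-8 (a `char`, a `&str`, or a byte that is checked to be ASCII), so the final conversion to `String` never has to trust an invariant that a caller could have broken. The type and method names (`CodeBuffer`, `print_char`, `print_str`, `print_ascii_byte`, `into_source_text`, `NonAsciiByte`) are assumed for the example. `raw_buffer_is_invalid_after_0xff` shows, with a checked conversion rather than the unchecked one, why a plain `Vec<u8>` that accepts any byte is the problematic shape.

```rust
// Added illustration, not oxc's actual `CodeBuffer`: the public API only
// accepts inputs that are valid UTF-8 by construction or by check.

/// Hypothetical minimal buffer in the spirit of the PR's `CodeBuffer`.
#[derive(Default)]
pub struct CodeBuffer {
    buf: Vec<u8>,
}

/// Error returned when a raw byte outside the ASCII range is offered.
#[derive(Debug, PartialEq, Eq)]
pub struct NonAsciiByte(pub u8);

impl CodeBuffer {
    pub fn new() -> Self {
        Self::default()
    }

    /// Append one Unicode scalar value. A `char` is always a valid scalar and
    /// `encode_utf8` emits its canonical encoding, so the invariant holds.
    pub fn print_char(&mut self, ch: char) {
        let mut tmp = [0u8; 4];
        self.buf.extend_from_slice(ch.encode_utf8(&mut tmp).as_bytes());
    }

    /// Append a string slice; `&str` is valid UTF-8 by construction.
    pub fn print_str(&mut self, s: &str) {
        self.buf.extend_from_slice(s.as_bytes());
    }

    /// Append a raw byte only if it is ASCII (a single-byte UTF-8 sequence).
    /// A non-ASCII byte is rejected instead of silently corrupting the buffer.
    pub fn print_ascii_byte(&mut self, b: u8) -> Result<(), NonAsciiByte> {
        if b.is_ascii() {
            self.buf.push(b);
            Ok(())
        } else {
            Err(NonAsciiByte(b))
        }
    }

    pub fn len(&self) -> usize {
        self.buf.len()
    }

    /// Every mutation path above preserves UTF-8 validity, so the checked
    /// conversion cannot fail; `expect` documents the invariant rather than
    /// relying on `String::from_utf8_unchecked`.
    pub fn into_source_text(self) -> String {
        String::from_utf8(self.buf).expect("CodeBuffer invariant: contents are valid UTF-8")
    }
}

/// The unsound shape the issue describes: a raw `Vec<u8>` that accepts any
/// byte. 0xFF never occurs in valid UTF-8, so the checked conversion rejects
/// it; `from_utf8_unchecked` on the same bytes would be undefined behavior.
pub fn raw_buffer_is_invalid_after_0xff() -> bool {
    let mut raw: Vec<u8> = Vec::new();
    raw.push(0xFF);
    String::from_utf8(raw).is_err()
}

fn main() {
    let mut code = CodeBuffer::new();
    code.print_str("let s = \"");
    code.print_char('é');
    code.print_str("\";");
    // The byte from the issue's example is refused rather than stored.
    assert_eq!(code.print_ascii_byte(0xFF), Err(NonAsciiByte(0xFF)));
    println!("{}", code.into_source_text());
}
```

The design point is that validity is enforced at every entry point, so the buffer can offer a narrow API (a `char`, a `&str`, a checked ASCII byte) and the conversion out of it needs no `unsafe`; if a hot path later justifies `from_utf8_unchecked`, the invariant it relies on is already established by the type rather than by every caller.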