mirrors/bun.sh
1
0
Fork 0
mirror of https://github.com/oven-sh/bun synced 2026-02-16 22:01:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix crash in Bun.escapeHTML (#9619)

Browse Source 
Co-authored-by: Jarred Sumner <709451+Jarred-Sumner@users.noreply.github.com>
This commit is contained in:
Jarred Sumner
2024-03-25 14:37:20 -07:00
committed by GitHub
parent 43ab5313da
commit d9b7b45080
2 changed files with 20 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
src/string_immutable.zig
View File

@@ -2493,8 +2493,8 @@ pub fn elementLengthLatin1IntoUTF16(comptime Type: type, latin1_: Type) usize {
pub fn escapeHTMLForLatin1Input(allocator: std.mem.Allocator, latin1: []const u8) !Escaped(u8) {
const Scalar = struct {
pub const lengths: [std.math.maxInt(u8)]u4 = brk: {
var values: [std.math.maxInt(u8)]u4 = undefined;
pub const lengths: [std.math.maxInt(u8) + 1]u4 = brk: {
var values: [std.math.maxInt(u8) + 1]u4 = undefined;
for (values, 0..) |_, i| {
switch (i) {
'"' => {
@@ -2833,8 +2833,8 @@ fn Escaped(comptime T: type) type {
pub fn escapeHTMLForUTF16Input(allocator: std.mem.Allocator, utf16: []const u16) !Escaped(u16) {
const Scalar = struct {
pub const lengths: [std.math.maxInt(u8)]u4 = brk: {
var values: [std.math.maxInt(u8)]u4 = undefined;
pub const lengths: [std.math.maxInt(u8) + 1]u4 = brk: {
var values: [std.math.maxInt(u8) + 1]u4 = undefined;
for (values, 0..) |_, i| {
values[i] = switch (i) {
'"' => "&quot;".len,
@@ -3062,7 +3062,7 @@ pub fn escapeHTMLForUTF16Input(allocator: std.mem.Allocator, utf16: []const u16)
break :scan_and_allocate_lazily;
},
128...std.math.maxInt(u16) => {
const cp = utf16Codepoint([]const u16, ptr[0..2]);
const cp = utf16Codepoint([]const u16, ptr[0..if (ptr + 1 == end) 1 else 2]);
ptr += @as(u16, cp.len);
},
@@ -3096,7 +3096,7 @@ pub fn escapeHTMLForUTF16Input(allocator: std.mem.Allocator, utf16: []const u16)
ptr += 1;
},
128...std.math.maxInt(u16) => {
const cp = utf16Codepoint([]const u16, ptr[0..2]);
const cp = utf16Codepoint([]const u16, ptr[0..if (ptr + 1 == end) 1 else 2]);
buf.appendSlice(ptr[0..@as(usize, cp.len)]) catch unreachable;
ptr += @as(u16, cp.len);

14
test/js/bun/util/escapeHTML.test.js
View File

@@ -88,4 +88,18 @@ describe("escapeHTML", () => {
expect(escapeHTML(" ".repeat(32) + "😊lo")).toBe(" ".repeat(32) + "😊lo");
expect(escapeHTML(" ".repeat(32) + "lo😊")).toBe(" ".repeat(32) + "lo😊");
});
it("bad input doesn't crash", () => {
escapeHTML("a".repeat(512) + String.fromCodePoint(0xd800));
for (let i = 0; i < 768; i++) {
escapeHTML("\xff" + "a".repeat(i));
escapeHTML(String.fromCodePoint(0xd800) + "a".repeat(i));
escapeHTML("a".repeat(i) + String.fromCodePoint(0xd800));
escapeHTML(String.fromCodePoint(0xd800).repeat(i));
escapeHTML("\xff" + String.fromCodePoint(0xd800).repeat(i));
escapeHTML("\xff".repeat(i) + String.fromCodePoint(0xd800));
escapeHTML(String.fromCodePoint(0xd800) + "\xff".repeat(i));
}
});
});