mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2026-06-27 19:51:03 +00:00
Until now the validator passed `u32::MAX` as the argument-region upper bound because nothing on Executable tracked how many argument slots a given bytecode buffer might reference. That left the largest validation hole open: any flat operand index above `registers + locals + constants` slid through the check. The Rust assembler already walks every operand during phase 1 so it can offset each one into the runtime's flat layout. This commit piggybacks on that walk to record the highest `Operand::argument` index touched and surfaces `(max + 1)` (or zero if no argument is ever referenced) on `AssembledBytecode`. The value rides through `FFIExecutableData` onto a new `Executable::number_of_arguments` field, which `Validator.cpp` then feeds into `FFIValidatorBounds`. The bound is now tight: every operand index in the encoded stream is range-checked against the actual runtime array size, including the argument region.
| Name |
|---|
| AsmInterpreter |
| BasicBlock.cpp |
| BasicBlock.h |
| BuiltinAbstractOperationsEnabled.h |
| Builtins.h |
| Bytecode.def |
| ClassBlueprint.h |
| Debug.h |
| Executable.cpp |
| Executable.h |
| FormatOperand.h |
| IdentifierTable.cpp |
| IdentifierTable.h |
| Instruction.cpp |
| Instruction.h |
| Interpreter.cpp |
| Label.cpp |
| Label.h |
| Operand.h |
| PropertyAccess.h |
| PropertyKeyTable.cpp |
| PropertyKeyTable.h |
| PropertyNameIterator.cpp |
| PropertyNameIterator.h |
| PutKind.h |
| RegexTable.cpp |
| RegexTable.h |
| Register.h |
| StringTable.cpp |
| StringTable.h |
| Validator.cpp |
| Validator.h |