From ad2c9fbc73aa53795aef01de1541cb646de89b46 Mon Sep 17 00:00:00 2001
From: xingshunxiang
Date: Wed, 25 Jun 2025 21:03:25 +0800
Subject: [PATCH] Fix bugs from fuzzer
Issue: https://gitee.com/openharmony/arkcompiler_ets_frontend/issues/ICHTYA?from=project-issue
Description: some bugs from fuzzer
Reason: 1. in case1, when ParseAnnotation property, the while loop dose not check the EOS token, when so cause the endless loop. 2. in case2, when handle -2147483648 / -1, the int32 overflow cause the crash, now fix it
Tests: ninja tests passed
tests/tests-u-runner/runner.sh --ets-cts --show-progress --build-dir x64.release --processes=all passed
tests/tests-u-runner/runner.sh --ets-func-tests --show-progress --build-dir x64.release --processes=all passed
tests/tests-u-runner/runner.sh --astchecker --show-progress --build-dir x64.release --processes=all passed
tests/tests-u-runner/runner.sh --ets-runtime --show-progress --build-dir x64.release --processes=all passed
tests/tests-u-runner/runner.sh --parser --no-js --show-progress --build-dir x64.release --processes=all passed
Signed-off-by: xingshunxiang
---
 .../ets/constantExpressionLowering.cpp | 8 +++++++-
 ets2panda/parser/ETSparserAnnotations.cpp | 3 ++-
 .../ast/compiler/ets/parser_annotation_n.ets | 19 +++++++++++++++++++
 ets2panda/test/runtime/ets/MaxBoundInt.ets | 17 +++++++++++++++++
 4 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 ets2panda/test/ast/compiler/ets/parser_annotation_n.ets
 create mode 100644 ets2panda/test/runtime/ets/MaxBoundInt.ets
diff --git a/ets2panda/compiler/lowering/ets/constantExpressionLowering.cpp b/ets2panda/compiler/lowering/ets/constantExpressionLowering.cpp
index 57b3ae2698..13aafc786b 100644
--- a/ets2panda/compiler/lowering/ets/constantExpressionLowering.cpp
+++ b/ets2panda/compiler/lowering/ets/constantExpressionLowering.cpp
@@ -581,6 +581,10 @@ static TargetType PerformMultiplicativeOperation(TargetType leftNum, TargetType
 {
 auto isForbiddenZeroDivision = [&rightNum]() { return std::is_integral_v && rightNum == 0; };
 auto isFloatZeroDevision = [&rightNum]() { return std::is_floating_point_v && rightNum == 0; };
+ auto isIntegralDivideResOverflow = [&rightNum, &leftNum]() {
+ // Note: Handle corner cases
+ return std::is_integral_v && leftNum == std::numeric_limits::min() && rightNum == -1;
+ };
 auto opType = expr->OperatorType();
 switch (opType) {
 case lexer::TokenType::PUNCTUATOR_MULTIPLY: {
@@ -597,7 +601,9 @@ static TargetType PerformMultiplicativeOperation(TargetType leftNum, TargetType
 }
 ES2PANDA_ASSERT(rightNum != 0);
- // CC-OFFNXT(G.EXP.22-CPP) false positive
+ if (isIntegralDivideResOverflow()) {
+ return std::numeric_limits::min();
+ }
 return leftNum / rightNum;
 }
 case lexer::TokenType::PUNCTUATOR_MOD: {
diff --git a/ets2panda/parser/ETSparserAnnotations.cpp b/ets2panda/parser/ETSparserAnnotations.cpp
index 25c6ec13c3..1f37cf4605 100644
--- a/ets2panda/parser/ETSparserAnnotations.cpp
+++ b/ets2panda/parser/ETSparserAnnotations.cpp
@@ -114,7 +114,8 @@ ArenaVector ETSParser::ParseAnnotationProperties(ir::ModifierFlag
 Lexer()->NextToken(lexer::NextTokenFlags::KEYWORD_TO_IDENT);
 ArenaVector properties(Allocator()->Adapter());
- while (Lexer()->GetToken().Type() != lexer::TokenType::PUNCTUATOR_RIGHT_BRACE) {
+ while (Lexer()->GetToken().Type() != lexer::TokenType::PUNCTUATOR_RIGHT_BRACE &&
+ Lexer()->GetToken().Type() != lexer::TokenType::EOS) {
 if ((memberModifiers & ir::ModifierFlags::ANNOTATION_DECLARATION) != 0U &&
 Lexer()->GetToken().Type() == lexer::TokenType::PUNCTUATOR_SEMI_COLON) {
 Lexer()->NextToken(); // eat ';'
diff --git a/ets2panda/test/ast/compiler/ets/parser_annotation_n.ets b/ets2panda/test/ast/compiler/ets/parser_annotation_n.ets
new file mode 100644
index 0000000000..32781a0e03
--- /dev/null
+++ b/ets2panda/test/ast/compiler/ets/parser_annotation_n.ets
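Review bot: The comment `// Note: Handle corner cases` inside `isIntegralDivideResOverflow` names neither the case nor the reason for it, so the guard looks arbitrary to the next reader. I would replace it with `// min() / -1 is not representable in TargetType; evaluating it is signed overflow (UB) and was the fuzzer crash`. The lambda also compares `rightNum` with the signed literal `-1`, which only means what it says while every integral `TargetType` instantiation is signed; that is not visible from this hunk and is worth stating in the comment. The enclosing function starts and ends outside the hunk.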
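Review bot: The `PUNCTUATOR_MOD` case that opens on the last context line of this hunk is left untouched, and `leftNum % rightNum` with `min()` and `-1` is the same signed-overflow undefined behaviour that the new guard removes from `/`. Its body is outside the hunk, so this needs confirming there, but if the remainder is computed unguarded the constant folder can still be crashed by the same input shape with `%` in place of `/`. The mathematically correct remainder is 0, so a matching guard would be `if (isIntegralDivideResOverflow()) { return 0; }` before the `%`. `MaxBoundInt.ets` asserts only the `/` results; adding `%` cases for int and long would pin both paths.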
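Review bot: The loop in `ParseAnnotationProperties` now stops at `EOS`, but nothing in the hunk reports the unterminated body, and the code that follows the loop is outside the hunk. If that code consumes the closing brace with an unconditional `Lexer()->NextToken()`, input truncated inside the braces would fall through without a diagnostic for the missing `}`; it should go through whatever expect-and-report helper the parser uses for required tokens. A short comment on the new condition, such as `// stop at EOS: truncated input never yields '}'`, would keep the second check from being dropped in a later cleanup. The added `parser_annotation_n.ets` appears to reach the loop only through error recovery after a missing `{`; a case that ends right after the opening brace would exercise the new condition directly.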
@@ -0,0 +1,19 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+@interface /* @@ label1 */�
+
+/* @@@ label1 Error SyntaxError: Unexpected token, expected an identifier. */
+/* @@? 20:1 Error SyntaxError: Expected '{', got 'end of stream'. */
diff --git a/ets2panda/test/runtime/ets/MaxBoundInt.ets b/ets2panda/test/runtime/ets/MaxBoundInt.ets
new file mode 100644
index 0000000000..b03c7c4655
--- /dev/null
+++ b/ets2panda/test/runtime/ets/MaxBoundInt.ets
@@ -0,0 +1,17 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+arktest.assertEQ(-2147483648 / -1, -2147483648)
+arktest.assertEQ(-9223372036854775808 / -1, -9223372036854775808)
--
Gitee