From 8b52034101db6d144069bd63b56903bc9ec9be36 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=94=90=E6=9D=B0?=
Date: Fri, 8 Aug 2025 15:29:06 +0800
Subject: [PATCH 1/3] =?UTF-8?q?[Bug]:=20=E9=BB=84=E8=93=9D=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue: https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/ICS2B5
Signed-off-by: 唐杰
---
 ecmascript/base/dtoa_helper.cpp | 30 ++++++++++++-------------
 ecmascript/base/dtoa_helper.h | 6 +++++
 ecmascript/builtins/builtins_regexp.cpp | 2 +-
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/ecmascript/base/dtoa_helper.cpp b/ecmascript/base/dtoa_helper.cpp
index b83d140bee..707f6682b4 100644
--- a/ecmascript/base/dtoa_helper.cpp
+++ b/ecmascript/base/dtoa_helper.cpp
@@ -283,13 +283,13 @@ void DtoaHelper::RoundUp(BufferVector digitsBuffer, int* digitCount, int*
 }
 digitsBuffer[(*digitCount) - 1]++;
 for (int i = (*digitCount) - 1; i > 0; --i) {
- if (digitsBuffer[i] != '0' + 10) {
+ if (digitsBuffer[i] != '0' + DECIMAL_BASE) {
 return;
 }
 digitsBuffer[i] = '0';
 digitsBuffer[i - 1]++;
 }
- if (digitsBuffer[0] == '0' + 10) {
+ if (digitsBuffer[0] == '0' + DECIMAL_BASE) {
 digitsBuffer[0] = '1';
 (*decimalPosition)++;
 }
@@ -300,13 +300,13 @@ void DtoaHelper::FillFractionals(uint64_t fractionalValue, int exponentValue, in
 {
 ASSERT(NEGATIVE_128BIT <= exponentValue && exponentValue <= 0);
 if (-exponentValue <= EXPONENT_64) {
- ASSERT((fractionalValue >> 56) == 0);
+ ASSERT((fractionalValue >> BITS_SHIFT) == 0);
 int currentPoint = -exponentValue;
 for (int i = 0; i < fractionalDigitCount; ++i) {
 if (fractionalValue == 0) {
 break;
 }
- fractionalValue *= 5;
+ fractionalValue *= DECIMAL_RADIX_HALF;
 currentPoint--;
 int digitValue = static_cast(fractionalValue >> currentPoint);
 targetBuffer[*totalLength] = '0' + digitValue;
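Review bot: `BITS_SHIFT` in the new `ASSERT((fractionalValue >> BITS_SHIFT) == 0)` of FillFractionals names the operation rather than the invariant; the assertion requires fractionalValue to fit in 56 bits, and nothing at the use site or in the header says why. A name such as `FRACTIONAL_VALUE_MAX_BITS`, or at least a comment on the assert like `// fractionalValue must fit in 56 bits — presumably so the *= 5 below cannot overflow uint64_t; confirm`, would make the limit reviewable. The same applies to `DECIMAL_RADIX_HALF` here and in the 128-bit branch of the next hunk (`fractionalValue128.Multiply(DECIMAL_RADIX_HALF)`): the reader has to know that multiplying by 5 and then moving the binary point one bit (`currentPoint--`) is the decimal-digit step, so a one-line comment at the first use would help. FillFractionals continues past the end of this hunk.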
@@ -325,7 +325,7 @@ void DtoaHelper::FillFractionals(uint64_t fractionalValue, int exponentValue, in
 if (fractionalValue128.IsZero()) {
 break;
 }
- fractionalValue128.Multiply(5);
+ fractionalValue128.Multiply(DECIMAL_RADIX_HALF);
 currentPoint--;
 int digitValue = fractionalValue128.DivModPowerOf2(currentPoint);
 targetBuffer[*totalLength] = '0' + digitValue;
@@ -369,31 +369,29 @@ bool DtoaHelper::FixedDtoa(double value, int fractionalDigitCount, BufferVector<
 }
 uint64_t significandValue = NumberHelper::Significand(value);
 int exponentValue = NumberHelper::Exponent(value);
- if (exponentValue > 20) {
+ if (exponentValue > MAX_FIXED_FORMAT_PRECISION) {
 return false;
 }
- if (fractionalDigitCount > 20) {
+ if (fractionalDigitCount > MAX_FIXED_FORMAT_PRECISION) {
 return false;
 }
 *totalLength = 0;
 if (exponentValue + kDoubleSignificandSize > EXPONENT_64) {
- const uint64_t kFive17 = 0xB1'A2BC'2EC5;
- uint64_t divisorValue = kFive17;
- int divisorPower = 17;
+ uint64_t divisorValue = KFIVE17;
 uint64_t dividendValue = significandValue;
 uint32_t quotientValue;
 uint64_t remainderValue;
- if (exponentValue > divisorPower) {
- dividendValue <<= exponentValue - divisorPower;
+ if (exponentValue > DIVISOR_POWER) {
+ dividendValue <<= exponentValue - DIVISOR_POWER;
 quotientValue = static_cast(dividendValue / divisorValue);
- remainderValue = (dividendValue % divisorValue) << divisorPower;
+ remainderValue = (dividendValue % divisorValue) << DIVISOR_POWER;
 } else {
- divisorValue <<= divisorPower - exponentValue;
+ divisorValue <<= DIVISOR_POWER - exponentValue;
 quotientValue = static_cast(dividendValue / divisorValue);
 remainderValue = (dividendValue % divisorValue) << exponentValue;
 }
 FillDigits32(quotientValue, outputBuffer, totalLength);
- FillDigits64FixedLength(remainderValue, divisorPower, outputBuffer, totalLength);
+ FillDigits64FixedLength(remainderValue, DIVISOR_POWER, outputBuffer, totalLength);
 *decimalPointPosition = *totalLength;
 } else if (exponentValue >= 0) {
 significandValue <<= exponentValue;
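Review bot: `KFIVE17` and `DIVISOR_POWER` are coupled (0xB1'A2BC'2EC5 is 5^17 and 17 is its exponent, which is what makes the `<< DIVISOR_POWER` after `% divisorValue` correct), but the hoisted constants now live in the header as two unrelated numbers, so changing one silently breaks the other. The local `kFive17` at least sat next to `divisorPower = 17`; I would add a comment at the declaration such as `// 5^17 = 762939453125; must match DIVISOR_POWER (divisor is 5^17 << ..., see FixedDtoa)` and consider a name like `FIVE_POW_17`, since `KFIVE17` keeps the old `k` prefix inside an ALL_CAPS name. Separately, `MAX_FIXED_FORMAT_PRECISION` now guards two different limits in this hunk, the exponent bound `exponentValue > 20` and the digit-count bound `fractionalDigitCount > 20`; if those are only coincidentally equal a second named constant (or a comment saying they are intentionally the same) would stop a future change to one from altering the other. FixedDtoa begins before and continues after this hunk.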
@@ -411,7 +409,7 @@ bool DtoaHelper::FixedDtoa(double value, int fractionalDigitCount, BufferVector< FillFractionals(fractionalPart, exponentValue, fractionalDigitCount, outputBuffer, totalLength, decimalPointPosition); } else if (exponentValue < NEGATIVE_128BIT) { - ASSERT(fractionalDigitCount <= 20); + ASSERT(fractionalDigitCount <= MAX_FIXED_FORMAT_PRECISION); outputBuffer[0] = '\0'; *totalLength = 0; *decimalPointPosition = -fractionalDigitCount; diff --git a/ecmascript/base/dtoa_helper.h b/ecmascript/base/dtoa_helper.h index e58f123607..c84a09b278 100644 --- a/ecmascript/base/dtoa_helper.h +++ b/ecmascript/base/dtoa_helper.h @@ -150,6 +150,12 @@ public: static constexpr int EXPONENT_64 = 64; static constexpr int EXPONENT_128 = 128; static constexpr int NEGATIVE_128BIT = -128; + static constexpr uint64_t BITS_SHIFT = 56; + static constexpr uint32_t DECIMAL_BASE = 10; + static constexpr uint64_t DECIMAL_RADIX_HALF = 5; + static constexpr uint64_t KFIVE17 = 0xB1'A2BC'2EC5; + static constexpr int MAX_FIXED_FORMAT_PRECISION = 20; + static constexpr int DIVISOR_POWER = 17; static constexpr uint64_t POW10[] = { 1ULL, 10ULL, 100ULL, 1000ULL, 10000ULL, 100000ULL, 1000000ULL, 10000000ULL, 100000000ULL, 1000000000ULL, 10000000000ULL, 100000000000ULL, 1000000000000ULL, 10000000000000ULL, 100000000000000ULL, 1000000000000000ULL, diff --git a/ecmascript/builtins/builtins_regexp.cpp b/ecmascript/builtins/builtins_regexp.cpp index a7e470d023..8b4007b09a 100644 --- a/ecmascript/builtins/builtins_regexp.cpp +++ b/ecmascript/builtins/builtins_regexp.cpp 
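Review bot: None of the six constants added to dtoa_helper.h carries a comment, and their types are inconsistent with each other and with their use sites: `DECIMAL_BASE` is `uint32_t` while the neighbouring limits are `int`, so `digitsBuffer[i] != '0' + DECIMAL_BASE` in RoundUp (first hunk of dtoa_helper.cpp) becomes an unsigned comparison against a promoted buffer element — harmless for digit characters if digitsBuffer holds `char`, but a sign-conversion warning magnet that the old literal `10` did not cause. I would declare it as `static constexpr int DECIMAL_BASE = 10;` to match `EXPONENT_64` and friends, and give each constant a one-line purpose comment (what it bounds, which function uses it, and for `KFIVE17`/`DIVISOR_POWER` that they must change together). `DECIMAL_RADIX_HALF` being `uint64_t` while it is passed to `fractionalValue128.Multiply(...)` is worth a check against that method's parameter type; if it is narrower, the call now relies on an implicit narrowing conversion.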
@@ -533,7 +533,7 @@ JSTaggedValue BuiltinsRegExp::GetSource(EcmaRuntimeCallInfo *argv)
 const GlobalEnvConstants *globalConst = thread->GlobalConstants();
 JSHandle constructorKey = globalConst->GetHandledConstructorString();
 JSHandle objConstructor = JSTaggedValue::GetProperty(thread, thisObj, constructorKey).GetValue();
- RETURN_VALUE_IF_ABRUPT_COMPLETION(thread, JSTaggedValue(false));
+ RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread);
 JSHandle constructor = GetConstructor(argv);
 if (objConstructor->IsJSFunction() && constructor->IsJSFunction()) {
 JSHandle objRealm = JSObject::GetFunctionRealm(thread, objConstructor);
-- 
Gitee

From 74086c0923346129e454751a2e6ec062b42f0af4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=94=90=E6=9D=B0?=
Date: Tue, 12 Aug 2025 19:49:41 +0800
Subject: [PATCH 2/3] =?UTF-8?q?[Bug]:=20fuzz=E9=97=AE=E9=A2=98=E4=BF=AE?=
 =?UTF-8?q?=E5=A4=8D?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue: https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/ICSMR4
Signed-off-by: 唐杰
---
 ecmascript/stubs/runtime_stubs.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ecmascript/stubs/runtime_stubs.cpp b/ecmascript/stubs/runtime_stubs.cpp
index 4f213f59f5..6f5cf14534 100644
--- a/ecmascript/stubs/runtime_stubs.cpp
+++ b/ecmascript/stubs/runtime_stubs.cpp
@@ -4113,6 +4113,9 @@ void RuntimeStubs::SortTypedArray(uintptr_t argGlue, JSTypedArray *typedArray)
 JSThread *thread = JSThread::GlueToJSThread(argGlue);
 JSTaggedValue buffer = typedArray->GetViewedArrayBufferOrByteArray(thread);
 const uint32_t len = typedArray->GetArrayLength();
+ if (len == 0) {
+ return ;
+ }
 void *pointer = builtins::BuiltinsArrayBuffer::GetDataPointFromBuffer(thread, buffer);
 switch (jsType) {
 case JSType::JS_INT8_ARRAY:
-- 
Gitee

From 07cc8ae49f28dab59bef036567366f354c2701e7 Mon Sep 17 00:00:00 2001
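Review bot: The switch to `RETURN_EXCEPTION_IF_ABRUPT_COMPLETION(thread)` fixes only the `GetProperty` call in GetSource; the hunk's last line, `JSObject::GetFunctionRealm(thread, objConstructor)`, is another operation that the specification allows to throw (a TypeError for a revoked proxy), and no completion check is visible after it. If the lines that follow outside this hunk do not check the thread's pending exception there, the same class of masked exception the commit is fixing remains one line further down; if they do, a short comment `// GetFunctionRealm may throw; checked below` would save the next reader the question. GetSource starts before and ends after this hunk.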
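Review bot: The zero-length early return added to SortTypedArray here is deleted again by patch 3/3 of this same series (same three lines, same hunk), so the series as submitted no longer contains the fuzz fix that the 2/3 message and issue ICSMR4 describe; either the revert is unintended or patch 2 should be dropped from the series, and the reviewer should ask which. If the guard is meant to stay, it needs a comment saying what it protects, for example `// nothing to sort; skip fetching the data pointer (presumably null for an empty or detached buffer — confirm)`, since the reason is not visible in the hunk. Minor style: `return ;` should be `return;`. SortTypedArray continues past the end of this hunk.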
From: =?UTF-8?q?=E5=94=90=E6=9D=B0?=
Date: Tue, 12 Aug 2025 20:02:43 +0800
Subject: [PATCH 3/3] =?UTF-8?q?[Bug]:=20=E9=BB=84=E8=93=9D=E5=90=8C?=
 =?UTF-8?q?=E6=AD=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Issue: https://gitee.com/openharmony/arkcompiler_ets_runtime/issues/ICS2B5
Signed-off-by: 唐杰
---
 ecmascript/stubs/runtime_stubs.cpp | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/ecmascript/stubs/runtime_stubs.cpp b/ecmascript/stubs/runtime_stubs.cpp
index 6f5cf14534..4f213f59f5 100644
--- a/ecmascript/stubs/runtime_stubs.cpp
+++ b/ecmascript/stubs/runtime_stubs.cpp
@@ -4113,9 +4113,6 @@ void RuntimeStubs::SortTypedArray(uintptr_t argGlue, JSTypedArray *typedArray)
 JSThread *thread = JSThread::GlueToJSThread(argGlue);
 JSTaggedValue buffer = typedArray->GetViewedArrayBufferOrByteArray(thread);
 const uint32_t len = typedArray->GetArrayLength();
- if (len == 0) {
- return ;
- }
 void *pointer = builtins::BuiltinsArrayBuffer::GetDataPointFromBuffer(thread, buffer);
 switch (jsType) {
 case JSType::JS_INT8_ARRAY:
-- 
Gitee