From 1363312f2012fdc9391b4ff6d3387b1826e00702 Mon Sep 17 00:00:00 2001 From: scw Date: Thu, 17 Aug 2023 15:36:26 +0800 Subject: [PATCH] fixed 664062a from https://gitee.com/su-chongwei/third_party_jerryscript/pulls/120 fix CVE-2020-24187 by offical patch issue:https://gitee.com/openharmony/third_party_jerryscript/issues/I7TYYX Signed-off-by: scw --- jerry-core/ecma/base/ecma-module.c | 89 ++++++++++++++----------- tests/jerry/es.next/module-export-08.js | 17 +++++ tests/jerry/es.next/module-import-05.js | 20 ++++++ 3 files changed, 86 insertions(+), 40 deletions(-) create mode 100644 tests/jerry/es.next/module-export-08.js create mode 100644 tests/jerry/es.next/module-import-05.js diff --git a/jerry-core/ecma/base/ecma-module.c b/jerry-core/ecma/base/ecma-module.c index 424f8c8a..fc1c7bdb 100644 --- a/jerry-core/ecma/base/ecma-module.c +++ b/jerry-core/ecma/base/ecma-module.c 
@@ -469,6 +469,45 @@ ecma_module_resolve_export (ecma_module_t * const module_p, /**< base module */ return ret_value; } /* ecma_module_resolve_export */ +/** + * Evaluates an EcmaScript module. + * + * @return ECMA_VALUE_ERROR - if an error occured + * ECMA_VALUE_EMPTY - otherwise + */ +static ecma_value_t +ecma_module_evaluate (ecma_module_t *module_p) /**< module */ +{ + JERRY_ASSERT (module_p->state >= ECMA_MODULE_STATE_PARSED); + + if (module_p->state >= ECMA_MODULE_STATE_EVALUATING) + { + return ECMA_VALUE_EMPTY; + } + + module_p->state = ECMA_MODULE_STATE_EVALUATING; + module_p->scope_p = ecma_create_decl_lex_env (ecma_get_global_environment ()); + module_p->context_p->parent_p = JERRY_CONTEXT (module_top_context_p); + JERRY_CONTEXT (module_top_context_p) = module_p->context_p; + + ecma_value_t ret_value; + ret_value = vm_run_module (module_p->compiled_code_p, + module_p->scope_p); + + if (!ECMA_IS_VALUE_ERROR (ret_value)) + { + ecma_free_value (ret_value); + ret_value = ECMA_VALUE_EMPTY; + } + + JERRY_CONTEXT (module_top_context_p) = module_p->context_p->parent_p; + + ecma_bytecode_deref (module_p->compiled_code_p); + module_p->state = ECMA_MODULE_STATE_EVALUATED; + + return ret_value; +} /* ecma_module_evaluate */ + /** * Resolves an export and adds it to the modules namespace object, if the export name is not yet handled. * Note: See 15.2.1.16.2 and 15.2.1.18 @@ -483,7 +522,9 @@ ecma_module_namespace_object_add_export_if_needed (ecma_module_t *module_p, /**< JERRY_ASSERT (module_p->namespace_object_p != NULL); ecma_value_t result = ECMA_VALUE_EMPTY; - if (ecma_find_named_property (module_p->namespace_object_p, export_name_p) != NULL) + /* Default exports should not be added to the namespace object. */ + if (ecma_compare_ecma_string_to_magic_id (export_name_p, LIT_MAGIC_STRING_DEFAULT) + || ecma_find_named_property (module_p->namespace_object_p, export_name_p) != NULL) { /* This export name has already been handled. */ return result; 
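Review bot: `ecma_module_evaluate` records `ECMA_MODULE_STATE_EVALUATED` even when `vm_run_module` returned an error, and its early return yields `ECMA_VALUE_EMPTY` for any state at or past `ECMA_MODULE_STATE_EVALUATING`, so a repeated call on a module whose body threw reports success. The namespace builder now calls this function too (the `@@ -563` hunk), so more than one caller can reach the same module. The header comment should state this contract, for example ` * Note: a module whose evaluation failed is still marked evaluated; later calls return ECMA_VALUE_EMPTY.` The state field also looks like the only guard against re-running `compiled_code_p` after `ecma_bytecode_deref`, since the pointer is not cleared; please confirm no other path reads it once the module is evaluated.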
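Review bot: In the `@@ -483` hunk the retained branch comment `/* This export name has already been handled. */` is no longer accurate, because the same early return is now taken for the `default` export, which is skipped rather than handled. I would reword it to `/* Default export, or this export name has already been handled. */` so the two reasons for returning `ECMA_VALUE_EMPTY` are both visible at the return site. The rest of `ecma_module_namespace_object_add_export_if_needed` lies outside the hunk.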
@@ -563,6 +604,13 @@ ecma_module_create_namespace_object (ecma_module_t *module_p) /**< module */ continue; } + result = ecma_module_evaluate (current_module_p); + + if (ECMA_IS_VALUE_ERROR (result)) + { + break; + } + if (context_p->local_exports_p != NULL) { /* 15.2.1.16.2 / 5 */ @@ -615,45 +663,6 @@ ecma_module_create_namespace_object (ecma_module_t *module_p) /**< module */ return result; } /* ecma_module_create_namespace_object */ -/** - * Evaluates an EcmaScript module. - * - * @return ECMA_VALUE_ERROR - if an error occured - * ECMA_VALUE_EMPTY - otherwise - */ -static ecma_value_t -ecma_module_evaluate (ecma_module_t *module_p) /**< module */ -{ - JERRY_ASSERT (module_p->state >= ECMA_MODULE_STATE_PARSED); - - if (module_p->state >= ECMA_MODULE_STATE_EVALUATING) - { - return ECMA_VALUE_EMPTY; - } - - module_p->state = ECMA_MODULE_STATE_EVALUATING; - module_p->scope_p = ecma_create_decl_lex_env (ecma_get_global_environment ()); - module_p->context_p->parent_p = JERRY_CONTEXT (module_top_context_p); - JERRY_CONTEXT (module_top_context_p) = module_p->context_p; - - ecma_value_t ret_value; - ret_value = vm_run_module (module_p->compiled_code_p, - module_p->scope_p); - - if (!ECMA_IS_VALUE_ERROR (ret_value)) - { - jerry_release_value (ret_value); - ret_value = ECMA_VALUE_EMPTY; - } - - JERRY_CONTEXT (module_top_context_p) = module_p->context_p->parent_p; - - ecma_bytecode_deref (module_p->compiled_code_p); - module_p->state = ECMA_MODULE_STATE_EVALUATED; - - return ret_value; -} /* ecma_module_evaluate */ - /** * Connects imported values to the current context. * diff --git a/tests/jerry/es.next/module-export-08.js b/tests/jerry/es.next/module-export-08.js new file mode 100644 index 00000000..5453c7fb --- /dev/null +++ b/tests/jerry/es.next/module-export-08.js 
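Review bot: The added `ecma_module_evaluate (current_module_p)` call in the `@@ -563` hunk has no comment explaining why evaluation must happen before the export handling below it, and that ordering is the substance of this fix. `ecma_module_evaluate` is where `module_p->scope_p` is created, and the export resolution that follows presumably reads that scope, so a later reordering would silently reintroduce the problem. Something like `/* Evaluate first: this creates the module scope that export resolution depends on. */` would pin the invariant. The new `break` also leaves the loop with an error while the traversal is unfinished; the cleanup after the loop is outside the hunk, so please confirm it releases the remaining stack and resolve-set entries and that callers discard the partly filled namespace object on `ECMA_VALUE_ERROR`.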
@@ -0,0 +1,17 @@ +/* Copyright JS Foundation and other contributors, http://js.foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +export * from "./module-export-04.js"; +export let c = 5; diff --git a/tests/jerry/es.next/module-import-05.js b/tests/jerry/es.next/module-import-05.js new file mode 100644 index 00000000..b04277cf --- /dev/null +++ b/tests/jerry/es.next/module-import-05.js @@ -0,0 +1,20 @@ +/* Copyright JS Foundation and other contributors, http://js.foundation + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +import * as f from "./module-export-08.js"; + +assert (f.c === 5) +assert (f.x === 41) +assert (!Object.hasOwnProperty(f, "default")); -- Gitee
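Review bot: The last assertion in `module-import-05.js`, `assert (!Object.hasOwnProperty(f, "default"));`, does not test the namespace object: it calls `hasOwnProperty` with `Object` as the receiver and `f` as the property key, and the `"default"` argument is ignored. As written it cannot fail when a `default` property is wrongly exposed on `f`, so the regression this patch fixes is not actually covered by that line. I would use `assert (!Object.prototype.hasOwnProperty.call (f, "default"));` so the check is made against `f` itself.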