[sandbox] Harden BigIntLiteralToDecimal... [v8/v8 : main]

0 views
Skip to first unread message

Jakob Kummerow (Gerrit)

unread,
3:30 PM (6 hours ago) 3:30 PM
to Jakob Kummerow, Toon Verwaest, Samuel Groß, marja...@chromium.org, v8-re...@googlegroups.com
Attention needed from Toon Verwaest

Jakob Kummerow voted and added 5 comments

Votes added by Jakob Kummerow

Auto-Submit+1
Commit-Queue+1

5 comments

Patchset-level comments
File-level comment, Patchset 1 (Latest):
Jakob Kummerow . resolved

Toon: PTAL, since you are conveniently an OWNER of both `parsing` and `sandbox`.

Samuel: FYI.

File src/bigint/tostring.cc
Line 197, Patchset 1 (Latest): for (uint32_t i = 0; i < chunk_chars_; i++) {
Jakob Kummerow . resolved

All of the changes in this file are just cleanup.

Line 344, Patchset 1 (Latest): CHECK(char_count_ < std::numeric_limits<uint32_t>::max() / 2);
Jakob Kummerow . resolved

This is not a tight bound for avoiding OOB writes into `out_`, but it doesn't hurt to protect the multiplication on line 340 in the _next_ call to this constructor against overflow.
I don't feel strongly about this; we could drop it or downgrade it to a `DCHECK`; but this code is sufficiently non-performance-critical that we can easily afford a `CHECK` here.

File src/numbers/conversions.cc
Line 1066, Patchset 1 (Latest): SandboxChars out(SandboxAllocArray<uint8_t>(1));
Jakob Kummerow . resolved

I was really tempted to craft a little helper for inline/on-stack storage here; but if we want to actually sandboxify stuff, we can't avoid this.

File src/parsing/parser.cc
Line 426, Patchset 1 (Latest): auto [decimal, length] = BigIntLiteralToDecimal(local_isolate_, literal);
Jakob Kummerow . resolved

Drive-by performance tuning: by passing along the `length` here (which the producer of the string knows anyway), we avoid a `strlen()` call in the `char*`-consuming `GetOneByteString` overload.

Open in Gerrit

Related details

Attention is currently required from:
  • Toon Verwaest
Submit Requirements:
  • requirement is not satisfiedCode-Owners
  • requirement is not satisfiedCode-Review
  • requirement is not satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: v8/v8
Gerrit-Branch: main
Gerrit-Change-Id: I61496cb57c3685295643f1d90575cd6d26c1051f
Gerrit-Change-Number: 7860144
Gerrit-PatchSet: 1
Gerrit-Owner: Jakob Kummerow <jkum...@chromium.org>
Gerrit-Reviewer: Jakob Kummerow <jkum...@chromium.org>
Gerrit-Reviewer: Toon Verwaest <verw...@chromium.org>
Gerrit-CC: Samuel Groß <sa...@chromium.org>
Gerrit-Attention: Toon Verwaest <verw...@chromium.org>
Gerrit-Comment-Date: Tue, 19 May 2026 19:30:33 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
unsatisfied_requirement
open
diffy
Reply all
Reply to author
Forward
0 new messages