Check interrupts in runtime BigInt parser

The BigInt constructor has quadratic complexity while parsing strings, and the input is unbounded. Interrupts should be checked during this operation to ensure the host has control over runaway execution. Change-Id: I15db9adeeafadc7b866a395dd8263aa8c2109ce8 Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2384166 Reviewed-by: Jakob Kummerow <jkummerow@chromium.org> Commit-Queue: Jakob Kummerow <jkummerow@chromium.org> Cr-Commit-Position: refs/heads/master@{#69679}
2020-08-31 12:38:22 -05:00 · 2020-08-31 12:38:22 -05:00 · 825c61d8b4
commit 825c61d8b4
parent 018e370041
2 changed files with 21 additions and 1 deletions
--- a/1
+++ b/1
@ -135,6 +135,7 @@ Loo Rong Jie <loorongjie@gmail.com>
 Luis Reis <luis.m.reis@gmail.com>
 Luke Zarko <lukezarko@gmail.com>
 Maciej Małecki <me@mmalecki.com>
+Marcel Laverdet <marcel@laverdet.com>
 Marcin Cieślak <saper@marcincieslak.com>
 Marcin Wiącek <marcin@mwiacek.com>
 Martin Bidlingmaier <martin.bidlingmaier@gmail.com>
--- a/src/numbers/conversions.cc
+++ b/src/numbers/conversions.cc
@ -246,6 +246,7 @@ class StringToIntHelper {
  void set_state(State state) { state_ = state; }

 private:
+  bool CheckTermination();
  template <class Char>
  void DetectRadixInternal(Char current, int length);
  template <class Char>
@ -295,6 +296,18 @@ void StringToIntHelper<LocalIsolate>::ParseInt() {
  DCHECK_NE(state_, State::kRunning);
 }

+template <typename LocalIsolate>
+bool StringToIntHelper<LocalIsolate>::CheckTermination() {
+  return false;
+}
+
+template <>
+bool StringToIntHelper<Isolate>::CheckTermination() {
+  StackLimitCheck interrupt_check(isolate());
+  return interrupt_check.InterruptRequested() &&
+         isolate()->stack_guard()->HandleInterrupts().IsException(isolate());
+}
+
 template <typename LocalIsolate>
 template <class Char>
 void StringToIntHelper<LocalIsolate>::DetectRadixInternal(Char current,
@ -378,8 +391,9 @@ void StringToIntHelper<LocalIsolate>::DetectRadixInternal(Char current,
 template <typename LocalIsolate>
 template <class Char>
 void StringToIntHelper<LocalIsolate>::ParseInternal(Char start) {
+  int length = length_;
  Char current = start + cursor_;
-  Char end = start + length_;
+  Char end = start + length;

  // The following code causes accumulating rounding error for numbers greater
  // than ~2^56. It's explicitly allowed in the spec: "if R is not 2, 4, 8, 10,
@ -433,6 +447,11 @@ void StringToIntHelper<LocalIsolate>::ParseInternal(Char start) {

    // Update the value and skip the part in the string.
    ResultMultiplyAdd(multiplier, part);
+
+    // Check for interrupts while parsing very large strings
+    if (length > 25000 && CheckTermination()) {
+      return set_state(State::kError);
+    }
  } while (!done);

  if (!allow_trailing_junk_ && AdvanceToNonspace(&current, end)) {