Fix out-of-bounds argv access in SNP attestation JS binding (#7818)

Copilot · maxtropets · web-flow · commit c0e8742f2ded · 2026-04-14T17:17:39.000+01:00
Co-authored-by: copilot-swe-agent[bot] &lt;198982749+Copilot@users.noreply.github.com&gt;
Co-authored-by: maxtropets &lt;16566519+maxtropets@users.noreply.github.com&gt;
diff --git a/src/js/extensions/snp_attestation.cpp b/src/js/extensions/snp_attestation.cpp
@@ -61,7 +61,7 @@ namespace ccf::js::extensions
       }
 
       std::optional<std::vector<uint8_t>> uvm_endorsements;
-      if (JS_IsUndefined(argv[2]) == 0)
+      if (argc >= 3 && JS_IsUndefined(argv[2]) == 0)
       {
         size_t uvm_endorsements_size = 0;
         uint8_t* uvm_endorsements_array =
@@ -76,7 +76,7 @@ namespace ccf::js::extensions
       }
 
       std::optional<std::string> endorsed_tcb;
-      if (JS_IsUndefined(argv[3]) == 0)
+      if (argc >= 4 && JS_IsUndefined(argv[3]) == 0)
       {
         endorsed_tcb = jsctx.to_str(argv[3]);
         if (!endorsed_tcb)

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@ namespace ccf::js::extensions`
`61`	`61`	`}`
`62`	`62`
`63`	`63`	`std::optional<std::vector<uint8_t>> uvm_endorsements;`
`64`		`- if (JS_IsUndefined(argv[2]) == 0)`
	`64`	`+ if (argc >= 3 && JS_IsUndefined(argv[2]) == 0)`
`65`	`65`	`{`
`66`	`66`	`size_t uvm_endorsements_size = 0;`
`67`	`67`	`uint8_t* uvm_endorsements_array =`
`@@ -76,7 +76,7 @@ namespace ccf::js::extensions`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`std::optional<std::string> endorsed_tcb;`
`79`		`- if (JS_IsUndefined(argv[3]) == 0)`
	`79`	`+ if (argc >= 4 && JS_IsUndefined(argv[3]) == 0)`
`80`	`80`	`{`
`81`	`81`	`endorsed_tcb = jsctx.to_str(argv[3]);`
`82`	`82`	`if (!endorsed_tcb)`