Merge branch 'quickjs-ng:master' into master

Author: G-Yong

CMakeLists.txt

@@ -108,7 +108,7 @@ if(NOT SUNOS)
 xcheck_add_c_compiler_flag(-funsigned-char)
 endif()
 
-# Clang on Windows without MSVC command line fails because the codebase uses 
+# Clang on Windows without MSVC command line fails because the codebase uses
 # functions like strcpy over strcpy_s
 if(CMAKE_C_COMPILER_ID STREQUAL "Clang" AND WIN32 AND NOT MSVC)
     add_compile_definitions(_CRT_SECURE_NO_WARNINGS)
@@ -555,11 +555,11 @@ if (QJS_ENABLE_INSTALL)
         install(TARGETS qjs_exe RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
         install(TARGETS qjsc RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR})
     endif()
-    install(TARGETS qjs EXPORT quickjsConfig
+    install(TARGETS qjs EXPORT qjsConfig
             RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
             LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
             ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR})
-    install(EXPORT quickjsConfig DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/quickjs)
+    install(EXPORT qjsConfig DESTINATION ${CMAKE_INSTALL_LIBDIR}/cmake/qjs)
     install(FILES LICENSE DESTINATION ${CMAKE_INSTALL_DOCDIR})
     install(DIRECTORY examples DESTINATION ${CMAKE_INSTALL_DOCDIR})
 endif()

api-test.c

@@ -486,6 +486,17 @@ static void utf16_string(void)
         JS_FreeCStringUTF16(ctx, u);
         JS_FreeValue(ctx, v);
     }
+    {
+        JSValue v = JS_NewStringUTF16(ctx, NULL, (size_t)INT_MAX + 1);
+        assert(JS_IsException(v));
+        JSValue e = JS_GetException(ctx);
+        assert(JS_IsError(e));
+        const char *s = JS_ToCString(ctx, e);
+        assert(s);
+        assert(strstr(s, "invalid string length") != NULL);
+        JS_FreeCString(ctx, s);
+        JS_FreeValue(ctx, e);
+    }
     JS_FreeContext(ctx);
     JS_FreeRuntime(rt);
 }
@@ -765,6 +776,37 @@ static void new_errors(void)
     JS_FreeRuntime(rt);
 }
 
+static void backtrace_oom_current_exception(void)
+{
+    static const char setup_code[] =
+        "globalThis.f = function() { missing; };\n"
+        "Object.defineProperty(f, 'name', { value: 'x'.repeat(2 * 1024 * 1024) });";
+    JSMemoryUsage stats;
+    JSValue ret, exception;
+    JSRuntime *rt;
+    JSContext *ctx;
+
+    rt = new_runtime();
+    ctx = JS_NewContext(rt);
+
+    ret = eval(ctx, setup_code);
+    assert(!JS_IsException(ret));
+    JS_FreeValue(ctx, ret);
+
+    JS_ComputeMemoryUsage(rt, &stats);
+    JS_SetMemoryLimit(rt, (size_t)stats.malloc_size + 128 * 1024);
+
+    ret = eval(ctx, "f()");
+    assert(JS_IsException(ret));
+    assert(JS_HasException(ctx));
+    exception = JS_GetException(ctx);
+    JS_FreeValue(ctx, exception);
+    JS_SetMemoryLimit(rt, 0);
+
+    JS_FreeContext(ctx);
+    JS_FreeRuntime(rt);
+}
+
 static int gop_get_own_property(JSContext *ctx, JSPropertyDescriptor *desc,
                                 JSValueConst obj, JSAtom prop)
 {
@@ -1167,6 +1209,7 @@ int main(void)
     promise_hook();
     dump_memory_usage();
     new_errors();
+    backtrace_oom_current_exception();
     global_object_prototype();
     slice_string_tocstring();
     immutable_array_buffer();

docs/docs/diff.md

@@ -23,7 +23,7 @@ average of a new release every 2 months.
 Since its inception testing has been a focus. Each PR is tested in over 50 configurations,
 involving different operating systems, build types and sanitizers.
 
-The `test262` suite is also ran for every change.
+The `test262` suite is also run for every change.
 
 ## Cross-platform support
 

quickjs.c

@@ -1549,6 +1549,12 @@ static JSValue js_number(double d)
         return js_float64(d);
 }
 
+static JSValue __JS_NewShortBigInt(JSContext *ctx, int32_t d)
+{
+    (void)&ctx;
+    return JS_MKVAL(JS_TAG_SHORT_BIG_INT, d);
+}
+
 JSValue JS_NewNumber(JSContext *ctx, double d)
 {
     return js_number(d);
@@ -4549,6 +4555,8 @@ JSValue JS_NewStringUTF16(JSContext *ctx, const uint16_t *buf, size_t len)
 
     if (unlikely(!len))
         return js_empty_string(ctx->rt);
+    if (unlikely(len > JS_STRING_LEN_MAX))
+        return JS_ThrowRangeError(ctx, "invalid string length");
 
     str = js_alloc_string(ctx, len, 1);
     if (unlikely(!str))
@@ -7899,7 +7907,7 @@ static void build_backtrace(JSContext *ctx, JSValueConst error_val,
                             int line_num, int col_num, int backtrace_flags)
 {
     JSStackFrame *sf, *sf_start;
-    JSValue stack, prepare, saved_exception;
+    JSValue stack, prepare, saved_exception, error_obj;
     DynBuf dbuf;
     const char *func_name_str;
     const char *str1;
@@ -7916,6 +7924,7 @@ static void build_backtrace(JSContext *ctx, JSValueConst error_val,
     if (rt->in_build_stack_trace)
         return;
     rt->in_build_stack_trace = true;
+    error_obj = js_dup(error_val);
 
     // Save exception because conversion to double may fail.
     saved_exception = JS_GetException(ctx);
@@ -8061,7 +8070,7 @@ static void build_backtrace(JSContext *ctx, JSValueConst error_val,
             JS_FreeValue(ctx, csd[k].func_name);
         }
         JSValueConst args[] = {
-            error_val,
+            error_obj,
             stack,
         };
         JSValue stack2 = JS_Call(ctx, prepare, ctx->error_ctor, countof(args), args);
@@ -8082,13 +8091,14 @@ static void build_backtrace(JSContext *ctx, JSValueConst error_val,
 
     if (JS_IsUndefined(ctx->error_back_trace))
         ctx->error_back_trace = js_dup(stack);
-    if (has_filter_func || can_add_backtrace(error_val)) {
-        JS_DefinePropertyValue(ctx, error_val, JS_ATOM_stack, stack,
+    if (has_filter_func || can_add_backtrace(error_obj)) {
+        JS_DefinePropertyValue(ctx, error_obj, JS_ATOM_stack, stack,
                                JS_PROP_WRITABLE | JS_PROP_CONFIGURABLE);
     } else {
         JS_FreeValue(ctx, stack);
     }
 
+    JS_FreeValue(ctx, error_obj);
     rt->in_build_stack_trace = false;
 }
 
@@ -40444,7 +40454,7 @@ JSValue JS_ToObject(JSContext *ctx, JSValueConst val)
             if (!JS_IsException(obj)) {
                 JS_DefinePropertyValue(ctx, obj, JS_ATOM_length,
                                        JS_NewInt32(ctx, JS_VALUE_GET_STRING(str)->len), 0);
-                JS_SetObjectData(ctx, obj, JS_DupValue(ctx, str));
+                JS_SetObjectData(ctx, obj, js_dup(str));
             }
             JS_FreeValue(ctx, str);
             return obj;

quickjs.h

@@ -224,12 +224,6 @@ static inline JSValue __JS_NewFloat64(double d)
     return JS_MKVAL(JS_TAG_FLOAT64, (int)d);
 }
 
-static inline JSValue __JS_NewShortBigInt(JSContext *ctx, int32_t d)
-{
-    (void)&ctx;
-    return JS_MKVAL(JS_TAG_SHORT_BIG_INT, d);
-}
-
 static inline bool JS_VALUE_IS_NAN(JSValue v)
 {
     (void)&v;
@@ -280,12 +274,6 @@ static inline JSValue __JS_NewFloat64(double d)
     return v;
 }
 
-static inline JSValue __JS_NewShortBigInt(JSContext *ctx, int32_t d)
-{
-    (void)&ctx;
-    return JS_MKVAL(JS_TAG_SHORT_BIG_INT, d);
-}
-
 #define JS_TAG_IS_FLOAT64(tag) ((unsigned)((tag) - JS_TAG_FIRST) >= (JS_TAG_FLOAT64 - JS_TAG_FIRST))
 
 /* same as JS_VALUE_GET_TAG, but return JS_TAG_FLOAT64 with NaN boxing */
@@ -372,15 +360,6 @@ static inline JSValue __JS_NewFloat64(double d)
     return v;
 }
 
-static inline JSValue __JS_NewShortBigInt(JSContext *ctx, int64_t d)
-{
-    (void)&ctx;
-    JSValue v;
-    v.tag = JS_TAG_SHORT_BIG_INT;
-    v.u.short_big_int = d;
-    return v;
-}
-
 static inline bool JS_VALUE_IS_NAN(JSValue v)
 {
     union {
@@ -679,7 +658,7 @@ JS_EXTERN void JS_FreeAtomRT(JSRuntime *rt, JSAtom v);
 JS_EXTERN JSValue JS_AtomToValue(JSContext *ctx, JSAtom atom);
 JS_EXTERN JSValue JS_AtomToString(JSContext *ctx, JSAtom atom);
 JS_EXTERN const char *JS_AtomToCStringLen(JSContext *ctx, size_t *plen, JSAtom atom);
-static inline const char *JS_AtomToCString(JSContext *ctx, JSAtom atom) 
+static inline const char *JS_AtomToCString(JSContext *ctx, JSAtom atom)
 {
     return JS_AtomToCStringLen(ctx, NULL, atom);
 }
@@ -818,6 +797,17 @@ static inline JSValue JS_NewUint32(JSContext *ctx, uint32_t val)
     return v;
 }
 
+static inline JSValue JS_NewUint64(JSContext *ctx, uint64_t val)
+{
+    JSValue v;
+    if (val <= INT32_MAX) {
+        v = JS_NewInt32(ctx, (int32_t)val);
+    } else {
+        v = JS_NewFloat64(ctx, (double)val);
+    }
+    return v;
+}
+
 JS_EXTERN JSValue JS_NewNumber(JSContext *ctx, double d);
 JS_EXTERN JSValue JS_NewBigInt64(JSContext *ctx, int64_t v);
 JS_EXTERN JSValue JS_NewBigUint64(JSContext *ctx, uint64_t v);

tests/bug1498.js

@@ -0,0 +1,30 @@
+import { assert } from "./assert.js";
+
+function test_invalid_number_literal_location()
+{
+    let error;
+    const source =
+        "function fun() {\n" +
+        "    let a = 123bcd;\n" +
+        "}\n";
+
+    try {
+        eval(source);
+    } catch (e) {
+        error = e;
+    }
+
+    assert(error instanceof SyntaxError);
+    assert(error.message, "invalid number literal");
+    assert(error.stack.length >= 1);
+    assert(error.stack[0].getFileName(), "<input>");
+    assert(error.stack[0].getLineNumber(), 2);
+    assert(error.stack[0].getColumnNumber(), 13);
+}
+
+Error.prepareStackTrace = (_, frames) => frames;
+try {
+    test_invalid_number_literal_location();
+} finally {
+    Error.prepareStackTrace = undefined;
+}