Fix buffer overflow error in builtinHelperFileRead method

Signed-off-by: HyukWoo Park <[email protected]>
Samsung · Mar 15, 2024 · 5ee4a5b · 5ee4a5b
1 parent bccdc42
commit 5ee4a5b
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 8 deletions.
diff --git a/build/android/escargot/src/main/cpp/JNIGlobals.cpp b/build/android/escargot/src/main/cpp/JNIGlobals.cpp
@@ -86,12 +86,17 @@ static OptionalRef<StringRef> builtinHelperFileRead(OptionalRef<ExecutionStateRe
         }
         return src;
     } else {
-        char msg[1024];
-        snprintf(msg, sizeof(msg), "GlobalObject.%s: cannot open file %s", builtinName, fileName);
         if (state) {
-            state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromUTF8(msg, strnlen(msg, sizeof msg))));
+            const size_t maxNameLength = 990;
+            if ((strnlen(builtinName, maxNameLength) + strnlen(fileName, maxNameLength)) < maxNameLength) {
+                char msg[1024];
+                snprintf(msg, sizeof(msg), "GlobalObject.%s: cannot open file %s", builtinName, fileName);
+                state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromUTF8(msg, strnlen(msg, sizeof msg))));
+            } else {
+                state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromASCII("invalid file name")));
+            }
         } else {
-            LOGD("%s", msg);
+            LOGE("%s", fileName);
         }
         return nullptr;
     }

diff --git a/src/shell/Shell.cpp b/src/shell/Shell.cpp
@@ -251,12 +251,17 @@ static OptionalRef<StringRef> builtinHelperFileRead(OptionalRef<ExecutionStateRe
         }
         return src;
     } else {
-        char msg[1024];
-        snprintf(msg, sizeof(msg), "GlobalObject.%s: cannot open file %s", builtinName, fileName);
         if (state) {
-            state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromUTF8(msg, strnlen(msg, sizeof msg))));
+            const size_t maxNameLength = 990;
+            if ((strnlen(builtinName, maxNameLength) + strnlen(fileName, maxNameLength)) < maxNameLength) {
+                char msg[1024];
+                snprintf(msg, sizeof(msg), "GlobalObject.%s: cannot open file %s", builtinName, fileName);
+                state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromUTF8(msg, strnlen(msg, sizeof msg))));
+            } else {
+                state->throwException(URIErrorObjectRef::create(state.get(), StringRef::createFromASCII("invalid file name")));
+            }
         } else {
-            puts(msg);
+            puts(fileName);
         }
         return nullptr;
     }