Skip to content

Commit e69f1c9

Browse files
Igor Klemenskifacebook-github-bot
Igor Klemenski
authored and
facebook-github-bot
committed
Fix unsafe cast and detect resize overflow. (#31106)
Summary: Removing unsafe cast from `int` to `uint16_t`. Also, adding code to detect multiplication overflow during buffer resize. ## Changelog <!-- Help reviewers and the release process by writing your own changelog entry. For an example, see: https://github.com/facebook/react-native/wiki/Changelog --> [General] [Fix] - Fix unsafe cast and detect overflow in MapBuffer. Pull Request resolved: #31106 Test Plan: Code compiles in Visual Studio 2019 without the unsafe cast warning (or error depending on the configuration). Reviewed By: mdvacca Differential Revision: D26865138 Pulled By: rozele fbshipit-source-id: 4692a38b05fc873e31fbbe94d70803244e82de5d
1 parent d4d2e90 commit e69f1c9

File tree

2 files changed

+10
-3
lines changed

2 files changed

+10
-3
lines changed

ReactCommon/react/renderer/mapbuffer/MapBuffer.cpp

+8-1
Original file line numberDiff line numberDiff line change
@@ -12,14 +12,21 @@ using namespace facebook::react;
1212
namespace facebook {
1313
namespace react {
1414

15-
MapBuffer::MapBuffer(int initialSize) {
15+
MapBuffer::MapBuffer(uint16_t initialSize) {
1616
_dataSize = initialSize;
1717
_data = new Byte[_dataSize];
1818
// TODO: Should we clean up memory here?
1919
}
2020

2121
void MapBuffer::makeSpace() {
2222
int oldDataSize = _dataSize;
23+
if (_dataSize >= std::numeric_limits<uint16_t>::max() / 2) {
24+
LOG(ERROR)
25+
<< "Error: trying to assign a value beyond the capacity of uint16_t"
26+
<< static_cast<uint32_t>(_dataSize) * 2;
27+
throw "Error: trying to assign a value beyond the capacity of uint16_t" +
28+
std::to_string(static_cast<uint32_t>(_dataSize) * 2);
29+
}
2330
_dataSize *= 2;
2431
uint8_t *_newdata = new Byte[_dataSize];
2532
uint8_t *_oldData = _data;

ReactCommon/react/renderer/mapbuffer/MapBuffer.h

+2-2
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,7 @@ namespace facebook {
1313
namespace react {
1414

1515
// 506 = 5 entries = 50*10 + 6 sizeof(header)
16-
const int INITIAL_SIZE = 506;
16+
constexpr uint16_t INITIAL_SIZE = 506;
1717

1818
/**
1919
* MapBuffer is an optimized map format for transferring data like props between
@@ -46,7 +46,7 @@ class MapBuffer {
4646
public:
4747
MapBuffer() : MapBuffer(INITIAL_SIZE) {}
4848

49-
MapBuffer(int initialSize);
49+
MapBuffer(uint16_t initialSize);
5050

5151
~MapBuffer();
5252

0 commit comments

Comments
 (0)