Skip to content

Commit

Permalink
Merge branch 'NativeScript:main' into main
Browse files Browse the repository at this point in the history
  • Loading branch information
farfromrefug authored Oct 2, 2024
2 parents 083166d + 27eec84 commit 5319d8f
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 4 deletions.
9 changes: 9 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,12 @@
## [8.8.5](https://github.com/NativeScript/android/compare/v8.8.4...v8.8.5) (2024-09-30)


### Bug Fixes

* prevent metadata offset overflow into array space and convert shorts to uints before addition ([9cfc349](https://github.com/NativeScript/android/commit/9cfc3493017243948b043a51f68b7c7bcab1e6b9))



## [8.8.4](https://github.com/NativeScript/android/compare/v8.8.3...v8.8.4) (2024-09-06)


Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{
"name": "@akylas/nativescript-android-runtime",
"description": "NativeScript for Android using v8",
"version": "8.8.4",
"version": "8.8.5",
"repository": {
"type": "git",
"url": "https://github.com/NativeScript/android.git"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -305,7 +305,7 @@ public void writeTree(TreeNode root) throws Exception {
outStringsStream.close();
writeInt(0, outValueStream);

final int array_offset = 1000 * 1000 * 1000;
final int array_offset = Integer.MAX_VALUE; // 2147483647, which is half of uint32

d.push(root);
while (!d.isEmpty()) {
Expand All @@ -328,6 +328,10 @@ public void writeTree(TreeNode root) throws Exception {
throw new Exception("should not happen");
}

if ((n.nodeType & TreeNode.Array) != TreeNode.Array && Integer.toUnsignedLong(n.offsetValue) >= Integer.toUnsignedLong(array_offset)) {
throw new Exception("Non-array metadata has overflown array space. Please report this issue.");
}

d.addAll(n.children);
}

Expand All @@ -339,7 +343,7 @@ public void writeTree(TreeNode root) throws Exception {
TreeNode n = d.pollFirst();

if (n.arrayElement != null) {
n.offsetValue = array_offset + n.arrayElement.id;
n.offsetValue = array_offset + Short.toUnsignedInt(n.arrayElement.id);
}

if (!n.children.isEmpty()) {
Expand Down Expand Up @@ -387,6 +391,8 @@ public void writeTree(TreeNode root) throws Exception {
obj.addProperty("id", Short.toUnsignedInt(n.id));
obj.addProperty("nextSiblingId", Short.toUnsignedInt(n.nextSiblingId));
obj.addProperty("firstChildId", Short.toUnsignedInt(n.firstChildId));
obj.addProperty("offsetName", Integer.toUnsignedLong(n.offsetName));
obj.addProperty("offsetValue", Integer.toUnsignedLong(n.offsetValue));
obj.addProperty("name", n.getName());
obj.addProperty("nodeType", n.nodeType);
rootArray.add(obj);
Expand Down
2 changes: 1 addition & 1 deletion test-app/runtime/src/main/cpp/MetadataReader.h
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ class MetadataReader {

private:

static const uint32_t ARRAY_OFFSET = 1000000000;
static const uint32_t ARRAY_OFFSET = INT32_MAX; // 2147483647

MetadataTreeNode* BuildTree();

Expand Down

0 comments on commit 5319d8f

Please sign in to comment.