From 77149881309ba00bac2f53ed8c82f9fb1bd6a276 Mon Sep 17 00:00:00 2001
From: Kevin Cadieux
Date: Sat, 8 May 2021 23:46:05 -0700
Subject: [PATCH 1/3] Fixing a buffer overflow bug where a pointer to type of size 1 is reinterpret-casted into a pointer to bigger type, then dereferenced.
---
 lib/Common/DataStructures/FixedBitVector.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/Common/DataStructures/FixedBitVector.h b/lib/Common/DataStructures/FixedBitVector.h
index cc28b7948af..8ba97b9c30f 100644
--- a/lib/Common/DataStructures/FixedBitVector.h
+++ b/lib/Common/DataStructures/FixedBitVector.h
@@ -250,9 +250,10 @@ void BVFixed::SetRange(Container* value, BVIndex start, BVIndex len)
     BVUnit::BVUnitTContainer* bits;
     static_assert(sizeof(Container) == 1 || sizeof(Container) == sizeof(BVUnit::BVUnitTContainer),
         "Container is not suitable to represent the calculated value");
-    if (sizeof(BVUnit::BVUnitTContainer) == 1)
+    if (sizeof(Container) == 1)
     {
-        temp = *((BVUnit::BVUnitTContainer*)value);
+        static_assert(sizeof(byte) == 1, "Size of byte should be 1.");
+        temp = *(byte*)value;
         bits = &temp;
     }
     else
From 0c5b37603627075832b4a46ca4fb02178d8bcf6f Mon Sep 17 00:00:00 2001
From: Kevin Cadieux
Date: Mon, 10 May 2021 23:17:58 -0700
Subject: [PATCH 2/3] Fixing copyright.
---
 lib/Common/DataStructures/FixedBitVector.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/Common/DataStructures/FixedBitVector.h b/lib/Common/DataStructures/FixedBitVector.h
index 8ba97b9c30f..fb348ba6465 100644
--- a/lib/Common/DataStructures/FixedBitVector.h
+++ b/lib/Common/DataStructures/FixedBitVector.h
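Review bot: The new guard `if (sizeof(Container) == 1)` is an ordinary runtime `if` on a compile-time constant, so the `else` branch (outside this hunk, presumably still the `BVUnit::BVUnitTContainer*` view of `value`) is compiled for one-byte instantiations too and stays a magnet for static-analysis warnings about the very over-read this patch fixes; if the toolchain baseline allows C++17, `if constexpr (sizeof(Container) == 1)` would drop that branch from the instantiation entirely. The C-style pun `*(byte*)value` also hides the type conversion; `temp = *reinterpret_cast<byte*>(value);` is greppable and rests on the same assumption that `byte` is a character type (presumably `unsigned char`, which the aliasing rules permit — worth confirming the typedef, since the added `static_assert(sizeof(byte) == 1, ...)` checks only the width, not the aliasing exemption). A one-line why-comment above the read, such as `// Container is one byte wide: widen through a byte read so sizeof(BVUnitTContainer) bytes are never read from a 1-byte object`, would record why this branch exists. The remainder of SetRange, including the declaration of `temp` and the code that consumes `bits` against `len`, starts and ends outside the hunk, so whether `len` is bounded by the bit width of `Container` cannot be checked from here.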
@@ -1,5 +1,6 @@
 //-------------------------------------------------------------------------------------------------------
-// Copyright (C) Microsoft. All rights reserved.
+// Copyright (C) Microsoft Corporation and contributors. All rights reserved.
+// Copyright (c) 2021 ChakraCore Project Contributors. All rights reserved.
 // Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
 //-------------------------------------------------------------------------------------------------------
 #pragma once
From 7502eaff24be7f90bdb56c7779b6bd07659bcd0d Mon Sep 17 00:00:00 2001
From: Kevin Cadieux
Date: Wed, 19 May 2021 16:05:46 -0700
Subject: [PATCH 3/3] Adding my name to the Contributor Agreement.
---
 ContributionAgreement.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/ContributionAgreement.md b/ContributionAgreement.md
index 14ae2710dfb..4b238d82cbc 100644
--- a/ContributionAgreement.md
+++ b/ContributionAgreement.md
@@ -40,3 +40,4 @@ This agreement has been signed by:
 |Yevhen Lukomskyi|ylukomskyi|
 |Evgeniy Istomin|MadProbe|
 |Wenlu Wang| Kingwl|
+|Kevin Cadieux|kevcadieux|