
Commit 7329f5f

committed
binary: add max regexp length
1 parent 6f8ea6d commit 7329f5f


1 file changed

+14
-1
lines changed

1 file changed

+14
-1
lines changed

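--- a/packages/seroval/src/binary/deserializer.ts
+++ b/packages/seroval/src/binary/deserializer.ts
@@ -1,3 +1,4 @@
+import { ALL_ENABLED, Feature } from '../core/compat';
 import {
 BIG_INT_TYPED_ARRAY_CONSTRUCTOR,
 type BigIntTypedArrayTag,
@@ -36,11 +37,15 @@ import {
 import { SerovalEndianness, SerovalNodeType } from './nodes';
 import type { Plugin } from './plugin';
 
+const MAX_REGEXP_SOURCE_LENGTH = 20_000;
+
 export interface DeserializerContextOptions {
 read(): Promise<Uint8Array | undefined>;
 onError(error: unknown): void;
 refs: Map<number, { value: unknown }>;
 plugins?: Plugin<any, any>[];
+disabledFeatures?: number;
+features?: number;
 }
 
 export interface DeserializerContext {
@@ -54,6 +59,7 @@ export interface DeserializerContext {
 marker: Map<number, SerovalNodeType>;
 resolvers: Map<number, PromiseConstructorResolver>;
 endianness: SerovalEndianness;
+features: number;
 }
 
 export function createDeserializerContext(
@@ -69,6 +75,7 @@ export function createDeserializerContext(
 marker: new Map(),
 resolvers: new Map(),
 endianness: SerovalEndianness.LE,
+features: options.features ?? ALL_ENABLED ^ (options.disabledFeatures || 0),
 };
 }
 
@@ -140,7 +147,7 @@ async function deserializeNumberValue(
 }
 
 async function deserializePreamble(ctx: DeserializerContext) {
-ctx.endianness = await deserializeByte(ctx) as SerovalEndianness;
+ctx.endianness = (await deserializeByte(ctx)) as SerovalEndianness;
 }
 
 async function deserializeId(
@@ -446,8 +453,14 @@ async function deserializePromiseFailure(ctx: DeserializerContext) {
 }
 
 async function deserializeRegExp(ctx: DeserializerContext) {
+if (!(ctx.features & Feature.RegExp)) {
+throw new SerovalMalformedBinaryError();
+}
 const id = await deserializeId(ctx, SerovalNodeType.RegExp);
 const pattern = (await deserializeRef(ctx)).value as string;
+if (pattern.length > MAX_REGEXP_SOURCE_LENGTH) {
+throw new SerovalMalformedBinaryError();
+}
 const flags = (await deserializeRef(ctx)).value as string;
 upsert(ctx, id, new RegExp(pattern, flags));
 }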
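Review bot: The new length guard in `deserializeRegExp` relies on the `as string` cast, which is erased at runtime, so it only bounds the pattern when the ref really holds a string; `deserializeRef` is not visible in this diff, but if it can yield any other value, `pattern.length` is not the length of the source that `new RegExp` ends up compiling. Folding a type check into the same guard makes the limit hold regardless, e.g. `if (typeof pattern !== 'string' || pattern.length > MAX_REGEXP_SOURCE_LENGTH) {`, and `flags` deserves the same `typeof` check before it reaches the constructor. `MAX_REGEXP_SOURCE_LENGTH` would also benefit from a comment such as `// Upper bound on deserialized RegExp source length; limits compile cost only, not the matching cost of the resulting pattern.` so callers do not read it as protection against expensive matching on data they later test with the regex.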
