Check wrong input in Serializer::deserializeFrom

Signed-off-by: Seonghyun Kim <sh8281.kim@samsung.com>

src/api/EscargotPublic.cpp

@@ -5128,6 +5128,10 @@ ValueRef* SerializerRef::deserializeFrom(ContextRef* context, std::istringstream
 {
     std::unique_ptr<SerializedValue> value = Serializer::deserializeFrom(input);
 
+    if (!value) {
+        return ValueRef::createUndefined();
+    }
+
     SandBox sb(toImpl(context));
     auto result = sb.run([](ExecutionState& state, void* data) -> Value {
         std::unique_ptr<SerializedValue>* value = (std::unique_ptr<SerializedValue>*)data;

src/runtime/serialization/SerializedSharedArrayBufferObjectValue.h

@@ -44,17 +44,24 @@ public:
 protected:
     virtual void serializeValueData(std::ostringstream& outputStream) override
     {
-        size_t ptr = reinterpret_cast<size_t>(m_bufferData);
-        outputStream << ptr;
+        outputStream << m_bufferData->byteLength();
+        uint8_t* buffer = reinterpret_cast<uint8_t*>(m_bufferData->data());
+        for (size_t i = 0; i < m_bufferData->byteLength(); i++) {
+            outputStream << buffer[i];
+        }
         outputStream << std::endl;
     }
 
     static std::unique_ptr<SerializedValue> deserializeFrom(std::istringstream& inputStream)
     {
-        size_t ptr;
-        inputStream >> ptr;
-        SharedDataBlockInfo* data = reinterpret_cast<SharedDataBlockInfo*>(ptr);
-        return std::unique_ptr<SerializedValue>(new SerializedSharedArrayBufferObjectValue(data));
+        size_t size;
+        inputStream >> size;
+        BackingStore* bs = SharedBackingStore::createDefaultSharedBackingStore(size);
+        uint8_t* buffer = reinterpret_cast<uint8_t*>(bs->data());
+        for (size_t i = 0; i < size; i++) {
+            inputStream >> buffer[i];
+        }
+        return std::unique_ptr<SerializedValue>(new SerializedSharedArrayBufferObjectValue(bs->sharedDataBlockInfo()));
     }
 
     SerializedSharedArrayBufferObjectValue(SharedDataBlockInfo* bufferData)

src/runtime/serialization/Serializer.cpp

@@ -88,9 +88,8 @@ std::unique_ptr<SerializedValue> Serializer::deserializeFrom(std::istringstream&
         return SerializedSharedArrayBufferObjectValue::deserializeFrom(input);
 #endif
     default:
-        RELEASE_ASSERT_NOT_REACHED();
+        break;
     }
-    RELEASE_ASSERT_NOT_REACHED();
     return nullptr;
 }
 

src/shell/Shell.cpp

@@ -513,6 +513,40 @@ std::mutex workerMutex;
 std::vector<std::pair<std::thread, WorkerThreadData>> workerThreads;
 std::vector<std::string> messagesFromWorkers;
 
+static void serializeInto(ValueRef* src, std::ostringstream& ostream)
+{
+    if (src->isSharedArrayBufferObject()) {
+        char type = 100;
+        ostream << type;
+        // use unsafe pointer serialization to pass test
+        if (src->asSharedArrayBufferObject()->backingStore()) {
+            ostream << reinterpret_cast<size_t>(src->asSharedArrayBufferObject()->backingStore().value());
+        } else {
+            ostream << static_cast<size_t>(0x0);
+        }
+    } else {
+        SerializerRef::serializeInto(src, ostream);
+    }
+}
+
+static ValueRef* deserializeFrom(ContextRef* context, std::istringstream& istream)
+{
+    if (istream.peek() == 100) {
+        char type;
+        istream >> type;
+        // use unsafe pointer serialization to pass test
+        size_t ptr;
+        istream >> ptr;
+        if (ptr) {
+            return Evaluator::execute(context, [](ExecutionStateRef* state, size_t ptr) -> ValueRef* { return SharedArrayBufferObjectRef::create(state, reinterpret_cast<BackingStoreRef*>(ptr)); }, ptr).result;
+        } else {
+            return ValueRef::createUndefined();
+        }
+    } else {
+        return SerializerRef::deserializeFrom(context, istream);
+    }
+}
+
 static ValueRef* builtin262AgentStart(ExecutionStateRef* state, ValueRef* thisValue, size_t argc, ValueRef** argv, bool isConstructCall)
 {
     std::string script = argv[0]->toString(state)->toStdUTF8String();
@@ -557,8 +591,8 @@ static ValueRef* builtin262AgentStart(ExecutionStateRef* state, ValueRef* thisVa
 
             if (message.length()) {
                 std::istringstream istream(message);
-                ValueRef* val1 = SerializerRef::deserializeFrom(context.get(), istream);
-                ValueRef* val2 = SerializerRef::deserializeFrom(context.get(), istream);
+                ValueRef* val1 = deserializeFrom(context.get(), istream);
+                ValueRef* val2 = deserializeFrom(context.get(), istream);
 
                 ValueRef* callback = (ValueRef*)context.get()->globalObject()->extraData();
                 if (callback) {
@@ -611,14 +645,14 @@ static ValueRef* builtin262AgentBroadcast(ExecutionStateRef* state, ValueRef* th
 {
     std::ostringstream ostream;
     if (argc > 0) {
-        SerializerRef::serializeInto(argv[0], ostream);
+        serializeInto(argv[0], ostream);
     } else {
-        SerializerRef::serializeInto(ValueRef::createUndefined(), ostream);
+        serializeInto(ValueRef::createUndefined(), ostream);
     }
     if (argc > 1) {
-        SerializerRef::serializeInto(argv[1], ostream);
+        serializeInto(argv[1], ostream);
     } else {
-        SerializerRef::serializeInto(ValueRef::createUndefined(), ostream);
+        serializeInto(ValueRef::createUndefined(), ostream);
     }