From eefffd194a8328fa21ef43e4771cfda8303306ad Mon Sep 17 00:00:00 2001
From: Nicolas Stucki
Date: Wed, 25 Oct 2023 17:07:41 +0200
Subject: [PATCH] Only allow characters and numbers in attributes
---
 .../src/dotty/tools/dotc/core/tasty/AttributePickler.scala | 1 +
 .../dotty/tools/dotc/core/tasty/AttributeUnpickler.scala | 1 +
 tasty/src/dotty/tools/tasty/TastyFormat.scala | 7 +++++--
 3 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala b/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
index e948d8bb5fef..af2b2e4759ff 100644
--- a/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
+++ b/compiler/src/dotty/tools/dotc/core/tasty/AttributePickler.scala
@@ -18,6 +18,7 @@ object AttributePickler:
 for attribute <- attributes do
 val bytes = attribute.getBytes(StandardCharsets.UTF_8).nn
 val length = bytes.length
+ assert("[a-zA-Z0-9]+".r.matches(attribute), "Malformed attribute. Attribute must match [a-zA-Z0-9]+")
 buf.writeNat(length)
 buf.writeBytes(bytes, length)
 end pickleAttributes
diff --git a/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala b/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
index 37a7970e5018..6ed120119d58 100644
--- a/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
+++ b/compiler/src/dotty/tools/dotc/core/tasty/AttributeUnpickler.scala
@@ -16,6 +16,7 @@ class AttributeUnpickler(reader: TastyReader):
 val length = readNat()
 val bytes = readBytes(length)
 val attribute = new String(bytes, StandardCharsets.UTF_8)
+ assert("[a-zA-Z0-9]+".r.matches(attribute), "Malformed attribute. Attribute must match [a-zA-Z0-9]+")
 attributesBuilder += attribute
 }
 attributesBuilder.result()
diff --git a/tasty/src/dotty/tools/tasty/TastyFormat.scala b/tasty/src/dotty/tools/tasty/TastyFormat.scala
index ae8b4dfd8f2d..887109d16cf0 100644
--- a/tasty/src/dotty/tools/tasty/TastyFormat.scala
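Review bot: The pattern `"[a-zA-Z0-9]+"` and its message are spelled out as literals in the added `assert` here, again in the AttributeUnpickler hunk, and a third time in the TastyFormat comment, so writer, reader and spec can drift apart with no compile-time signal. The `.r` call also builds a fresh Regex for every attribute inside the `for` loop. One shared definition visible to both sides would address both points, for example `val AttributePattern = "[a-zA-Z0-9]+".r` (the name is only a suggestion), used as `assert(AttributePattern.matches(attribute), ...)`. The enclosing `pickleAttributes` starts above the hunk, so the origin of `attributes` is not visible; if the values are compiler-chosen constants, an assert is a reasonable tool on the writer side.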
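Review bot: The added `assert` in the read loop validates bytes that were just read from a TASTy file rather than an internal invariant, so a corrupted or deliberately crafted file surfaces as an `AssertionError` instead of a malformed-input error. I would turn it into an explicit check that reports through whatever path the unpickler already uses for malformed input, which is not visible in this hunk. At minimum the message should carry context without echoing the untrusted string, e.g. `s"Malformed attribute (length $length). Attribute must match [a-zA-Z0-9]+"`. The enclosing method starts above the hunk, and `readBytes(length)` takes a `length` that was itself read from the file, so it is worth confirming there that an oversized value is rejected before the byte array is allocated.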
+++ b/tasty/src/dotty/tools/tasty/TastyFormat.scala
@@ -265,10 +265,13 @@ All elements of a position section are serialized as Ints
 Standard Section: "Comments" Comment*
 ```none
- Comment = Length Bytes LongInt // Raw comment's bytes encoded as UTF-8, followed by the comment's coordinates.
+ Comment = UTF8 LongInt // Raw comment's bytes encoded as UTF-8, followed by the comment's coordinates.
 ```
-Standard Section: "Attributes" UTF8*
+Standard Section: "Attributes" Attribute*
+```none
+ Attribute = UTF8 // attributes match the regex [a-zA-Z0-9]+
+```
 **************************************************************************************/