From 495fbf5bdb7c11b3c072eab8f0a85abb6bf803bc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Sun, 4 May 2025 10:31:01 +0100 Subject: [PATCH] src: enforce assumptions in FIXED_ONE_BYTE_STRING These functions are both meant to be used with a null-terminated and thus non-empty sequence of `char`s. However, there is nothing stopping call sites from passing zero-length sequences, which would certainly not be null-terminated and also would cause an underflow in `N - 1`. Therefore, this commit - changes the size `N` of the array from `int` to `std::size_t`, - ensures that compilation will fail if `N = 0`, and - adds a runtime assertion that fails if the `N`-th `char` is not `\0`. Note that the runtime assertion should be eliminated by any optimizing compiler when given a string literal, which is how these functions are used for the most part (though not exclusively). --- src/util.h | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/src/util.h b/src/util.h index 0719f7370fe64a..59a7622912ebb2 100644 --- a/src/util.h +++ b/src/util.h @@ -346,17 +346,19 @@ inline v8::Local OneByteString(v8::Isolate* isolate, std::string_view str); // Used to be a macro, hence the uppercase name. -template -inline v8::Local FIXED_ONE_BYTE_STRING( - v8::Isolate* isolate, - const char(&data)[N]) { +template + requires(N > 0) +inline v8::Local FIXED_ONE_BYTE_STRING(v8::Isolate* isolate, + const char (&data)[N]) { + CHECK_EQ(data[N - 1], '\0'); return OneByteString(isolate, data, N - 1); } template + requires(N > 0) inline v8::Local FIXED_ONE_BYTE_STRING( - v8::Isolate* isolate, - const std::array& arr) { + v8::Isolate* isolate, const std::array& arr) { + CHECK_EQ(arr[N - 1], '\0'); return OneByteString(isolate, arr.data(), N - 1); }