diff --git a/CHANGELOG.md b/CHANGELOG.md
index cef2ba68b..d8f549b9e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,12 @@
+## [8.8.5](https://github.com/NativeScript/android/compare/v8.8.4...v8.8.5) (2024-09-30)
+
+
+### Bug Fixes
+
+* prevent metadata offset overflow into array space and convert shorts to uints before addition ([9cfc349](https://github.com/NativeScript/android/commit/9cfc3493017243948b043a51f68b7c7bcab1e6b9))
+
+
+
 ## [8.8.4](https://github.com/NativeScript/android/compare/v8.8.3...v8.8.4) (2024-09-06)
diff --git a/package.json b/package.json
index 8896d9908..f5bfd9804 100644
--- a/package.json
+++ b/package.json
@@ -1,7 +1,7 @@
 {
 "name": "@akylas/nativescript-android-runtime",
 "description": "NativeScript for Android using v8",
- "version": "8.8.4",
+ "version": "8.8.5",
 "repository": {
 "type": "git",
 "url": "https://github.com/NativeScript/android.git"
diff --git a/test-app/build-tools/android-metadata-generator/src/src/com/telerik/metadata/Writer.java b/test-app/build-tools/android-metadata-generator/src/src/com/telerik/metadata/Writer.java
index 36777a831..a09472fa2 100644
--- a/test-app/build-tools/android-metadata-generator/src/src/com/telerik/metadata/Writer.java
+++ b/test-app/build-tools/android-metadata-generator/src/src/com/telerik/metadata/Writer.java
@@ -305,7 +305,7 @@ public void writeTree(TreeNode root) throws Exception {
 outStringsStream.close();
 writeInt(0, outValueStream);
- final int array_offset = 1000 * 1000 * 1000;
+ final int array_offset = Integer.MAX_VALUE; // 2147483647, which is half of uint32
 d.push(root);
 while (!d.isEmpty()) {
@@ -328,6 +328,10 @@ public void writeTree(TreeNode root) throws Exception {
 throw new Exception("should not happen");
 }
+ if ((n.nodeType & TreeNode.Array) != TreeNode.Array && Integer.toUnsignedLong(n.offsetValue) >= Integer.toUnsignedLong(array_offset)) {
+ throw new Exception("Non-array metadata has overflown array space. Please report this issue.");
+ }
+
 d.addAll(n.children);
 }
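Review bot: The array base is still defined twice with nothing linking the copies: `array_offset = Integer.MAX_VALUE` in the `@@ -305,7 +305,7 @@` hunk of Writer.java and `ARRAY_OFFSET = INT32_MAX` in the MetadataReader.h hunk of this same commit. Nothing visible in the diff versions the metadata format, so a runtime built from this commit that loads metadata written with the old 1000000000 base (or the reverse) would presumably decode array offsets as ordinary value offsets without any error. A comment on both constants would make the coupling explicit, e.g. `// Must equal ARRAY_OFFSET in test-app/runtime/src/main/cpp/MetadataReader.h; changing it changes the binary metadata format`. If the reader has no format or version check outside this diff, adding one would be the sturdier fix.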
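Review bot: The exception thrown by the new guard in the `@@ -328,6 +328,10 @@` hunk of Writer.java names neither the node nor the offending offset, so a build that trips it leaves the reporter nothing useful to attach. Both values are at hand: `throw new Exception("Non-array metadata offset " + Integer.toUnsignedLong(n.offsetValue) + " of node " + n.getName() + " has overflown array space. Please report this issue.");`. This check appears to be the only thing stopping a value-stream offset from being taken for an array index by the reader, so a one-line comment saying so, and that the comparison is unsigned on purpose, would help the next maintainer. The branches that assign `n.offsetValue` lie outside the hunk, so this assumes the value is already final when the guard runs.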
@@ -339,7 +343,7 @@ public void writeTree(TreeNode root) throws Exception {
 TreeNode n = d.pollFirst();
 if (n.arrayElement != null) {
- n.offsetValue = array_offset + n.arrayElement.id;
+ n.offsetValue = array_offset + Short.toUnsignedInt(n.arrayElement.id);
 }
 if (!n.children.isEmpty()) {
@@ -387,6 +391,8 @@ public void writeTree(TreeNode root) throws Exception {
 obj.addProperty("id", Short.toUnsignedInt(n.id));
 obj.addProperty("nextSiblingId", Short.toUnsignedInt(n.nextSiblingId));
 obj.addProperty("firstChildId", Short.toUnsignedInt(n.firstChildId));
+ obj.addProperty("offsetName", Integer.toUnsignedLong(n.offsetName));
+ obj.addProperty("offsetValue", Integer.toUnsignedLong(n.offsetValue));
 obj.addProperty("name", n.getName());
 obj.addProperty("nodeType", n.nodeType);
 rootArray.add(obj);
diff --git a/test-app/runtime/src/main/cpp/MetadataReader.h b/test-app/runtime/src/main/cpp/MetadataReader.h
index 1f3706994..22f7fbfdd 100644
--- a/test-app/runtime/src/main/cpp/MetadataReader.h
+++ b/test-app/runtime/src/main/cpp/MetadataReader.h
@@ -167,7 +167,7 @@ class MetadataReader {
 private:
- static const uint32_t ARRAY_OFFSET = 1000000000;
+ static const uint32_t ARRAY_OFFSET = INT32_MAX; // 2147483647
 MetadataTreeNode* BuildTree();
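Review bot: In the `@@ -339,7 +343,7 @@` hunk of Writer.java, `array_offset + Short.toUnsignedInt(n.arrayElement.id)` now overflows a Java `int` for every id above zero, because `array_offset` is `Integer.MAX_VALUE`. The result is correct only because the addition wraps and the value is later read as an unsigned 32-bit number, which is how the debug JSON hunk and the `uint32_t` constant in MetadataReader.h treat it. That intent should be stated next to the assignment, e.g. `// wraps past Integer.MAX_VALUE on purpose: offsetValue is read as uint32, array space is [2^31-1, 2^31-1+65535]`, so nobody later "fixes" it with `Math.addExact` or a widening to `long`. The declaration of `array_offset` is in an earlier hunk and the rest of the loop body is outside this one.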