fix: out-of-bounds accessing in advance_string() (#161)

* fix: out-of-bounds accessing in advance_string()

* fix: use Clang12 as C compiler

Co-authored-by: liuqiang <liuqiang.06@bytedance.com>
Co-authored-by: duanyi.aster <duanyi.aster@bytedance.com>

internal/native/avx/native_amd64_test.go

@@ -43,6 +43,16 @@ func TestNative_Value(t *testing.T) {
     assert.Equal(t, 3, v.Ep)
 }
 
+func TestNative_Value_OutOfBound(t *testing.T) {
+    var v types.JsonState
+    mem := []byte{'"', '"'}
+    s := rt.Mem2Str(mem[:1])
+    p := (*rt.GoString)(unsafe.Pointer(&s))
+    x := __value(p.Ptr, p.Len, 0, &v, 0)
+    assert.Equal(t, 1, x)
+    assert.Equal(t, -int(types.ERR_EOF), int(v.Vt))
+}
+
 func TestNative_Quote(t *testing.T) {
     s := "hello\b\f\n\r\t\\\"\u666fworld"
     d := make([]byte, 256)

internal/native/avx/native_subr_amd64.go

@@ -14,16 +14,16 @@ var (
     _subr__lspace      = __native_entry__() + 301
     _subr__lzero       = __native_entry__() + 13
     _subr__quote       = __native_entry__() + 4955
-    _subr__skip_array  = __native_entry__() + 17298
+    _subr__skip_array  = __native_entry__() + 17304
-    _subr__skip_object = __native_entry__() + 17333
+    _subr__skip_object = __native_entry__() + 17339
-    _subr__skip_one    = __native_entry__() + 15505
+    _subr__skip_one    = __native_entry__() + 15525
     _subr__u64toa      = __native_entry__() + 3735
     _subr__unquote     = __native_entry__() + 5888
     _subr__value       = __native_entry__() + 10928
-    _subr__vnumber     = __native_entry__() + 13704
+    _subr__vnumber     = __native_entry__() + 13724
-    _subr__vsigned     = __native_entry__() + 14977
+    _subr__vsigned     = __native_entry__() + 14997
-    _subr__vstring     = __native_entry__() + 12691
+    _subr__vstring     = __native_entry__() + 12689
-    _subr__vunsigned   = __native_entry__() + 15236
+    _subr__vunsigned   = __native_entry__() + 15256
 )
 
 var (

internal/native/avx2/native_amd64_test.go

@@ -43,6 +43,16 @@ func TestNative_Value(t *testing.T) {
     assert.Equal(t, 3, v.Ep)
 }
 
+func TestNative_Value_OutOfBound(t *testing.T) {
+    var v types.JsonState
+    mem := []byte{'"', '"'}
+    s := rt.Mem2Str(mem[:1])
+    p := (*rt.GoString)(unsafe.Pointer(&s))
+    x := __value(p.Ptr, p.Len, 0, &v, 0)
+    assert.Equal(t, 1, x)
+    assert.Equal(t, -int(types.ERR_EOF), int(v.Vt))
+}
+
 func TestNative_Quote(t *testing.T) {
     s := "hello\b\f\n\r\t\\\"\u666fworld"
     d := make([]byte, 256)

internal/native/avx2/native_subr_amd64.go

@@ -14,16 +14,16 @@ var (
     _subr__lspace      = __native_entry__() + 429
     _subr__lzero       = __native_entry__() + 13
     _subr__quote       = __native_entry__() + 5328
-    _subr__skip_array  = __native_entry__() + 20361
+    _subr__skip_array  = __native_entry__() + 20330
-    _subr__skip_object = __native_entry__() + 20396
+    _subr__skip_object = __native_entry__() + 20365
-    _subr__skip_one    = __native_entry__() + 17472
+    _subr__skip_one    = __native_entry__() + 17473
     _subr__u64toa      = __native_entry__() + 4008
     _subr__unquote     = __native_entry__() + 7125
     _subr__value       = __native_entry__() + 13020
-    _subr__vnumber     = __native_entry__() + 15671
+    _subr__vnumber     = __native_entry__() + 15672
-    _subr__vsigned     = __native_entry__() + 16944
+    _subr__vsigned     = __native_entry__() + 16945
-    _subr__vstring     = __native_entry__() + 14794
+    _subr__vstring     = __native_entry__() + 14795
-    _subr__vunsigned   = __native_entry__() + 17203
+    _subr__vunsigned   = __native_entry__() + 17204
 )
 
 var (

internal/native/native_amd64_test.tmpl

@@ -41,6 +41,16 @@ func TestNative_Value(t *testing.T) {
     assert.Equal(t, 3, v.Ep)
 }
 
+func TestNative_Value_OutOfBound(t *testing.T) {
+    var v types.JsonState
+    mem := []byte{'"', '"'}
+    s := rt.Mem2Str(mem[:1])
+    p := (*rt.GoString)(unsafe.Pointer(&s))
+    x := __value(p.Ptr, p.Len, 0, &v, 0)
+    assert.Equal(t, 1, x)
+    assert.Equal(t, -int(types.ERR_EOF), int(v.Vt))
+}
+
 func TestNative_Quote(t *testing.T) {
     s := "hello\b\f\n\r\t\\\"\u666fworld"
     d := make([]byte, 256)

native/scanning.c

@@ -107,6 +107,11 @@ static inline ssize_t advance_string(const GoString *src, long p, int64_t *ep) {
     uint64_t m1;
     uint64_t cr = 0;
 
+    /* prevent out-of-bounds accessing */
+    if (unlikely(src->len == p)) {
+        return -ERR_EOF;
+    }
+
     /* buffer pointers */
     size_t       nb = src->len;
     const char * sp = src->buf;
@@ -318,7 +323,7 @@ long value(const char *s, size_t n, long p, JsonState *ret, int allow_control) {
     long     q = p;
     GoString m = {.buf = s, .len = n};
 
-    /* parse the next identifier */
+    /* parse the next identifier, q is UNSAFE, may cause out-of-bounds accessing */
     switch (advance_ns(&m, &q)) {
         case '-' : /* fallthrough */
         case '0' : /* fallthrough */