starscript
No Overflow Checking Array Index for Constants
starscript/src/main/java/org/meteordev/starscript/Script.java lines 44-60
```java
public void writeConstant(Value constant) {
    int constantI = -1;
    for (int i = 0; i < constants.size(); i++) {
        if (constants.get(i).equals(constant)) {
            constantI = i;
            break;
        }
    }
    if (constantI == -1) {
        constantI = constants.size();
        constants.add(constant);
    }
    write(constantI);
}
```
This depends on:
```java
private void write(int b) {
    if (size >= code.length) {
        byte[] newCode = new byte[code.length * 2];
        System.arraycopy(code, 0, newCode, 0, code.length);
        code = newCode;
    }
    code[size++] = (byte) b;
}
```
That never checks if the value of b is greater than 127.
The declaration
```java
public final List<Value> constants = new ArrayList<>();
```
does not set a limit on the size of the list as being 127.
So the following call cannot know whether we are exceeding the list size limit:
```java
constants.add(constant);
```
This is implicitly assumed by the particular application.
Only this cast of `(byte)`:
```java
code[size++] = (byte) b;
```
might throw an error for values of b > 127. Even if it does, the error cannot be descriptive of the true problem, that there are too many unique constants.
The limit of 127 unique constants would be a limit of StarScript for expansion more than the instruction pointer space.
In C there is (unsigned byte) which would double the number of a lot of things in StarScript... I do not know if that is a thing in Java.
I am wondering how Jump coding works with the ( >> 8) & 0xFF and & 0xFF if the data coded is & 0x7F as a rule because it is a Java byte.
It would seem no program could be over 127 bytes long and function properly? Or if jumps are relative, which I am starting to wonder about because of the word offset in the code relating to jumps, then no ()?():() alternative block is allowed to code to more than 127 bytes -- which is less restrictive.
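The following stand-alone Java class is an added illustration of the reported issue, not starscript's own code: it copies the shape of `write(int)` and `writeConstant` so the narrowing cast can be observed directly (a Java `(byte)` cast does not throw; it keeps the low 8 bits, so index 200 is stored as -56), and adds the descriptive bound check the report says is missing. `MAX_CONSTANTS`, `readIndex` and the `String` constants are assumptions made for the demo; 256 assumes the reader masks the operand with `& 0xFF`, and 128 would be the right bound if it does not.

```java
import java.util.ArrayList;
import java.util.List;

// Hypothetical reproduction; mirrors the issue, not the project's source.
public class ConstantIndexDemo {
    // Assumed limit: a one-byte operand read back with & 0xFF can address 0..255.
    static final int MAX_CONSTANTS = 256;

    public final List<String> constants = new ArrayList<>();
    private byte[] code = new byte[8];
    private int size = 0;

    // Same shape as Script.write(int): the (byte) cast never throws, it silently
    // keeps the low 8 bits of b (200 -> -56, 256 -> 0).
    private void write(int b) {
        if (size >= code.length) {
            byte[] newCode = new byte[code.length * 2];
            System.arraycopy(code, 0, newCode, 0, code.length);
            code = newCode;
        }
        code[size++] = (byte) b;
    }

    // Lookup-or-append as in writeConstant, plus the missing bound check so the
    // failure names the real problem (too many unique constants) instead of
    // emitting a wrapped index that refers to the wrong constant at run time.
    public void writeConstant(String constant) {
        int constantI = constants.indexOf(constant);
        if (constantI == -1) {
            if (constants.size() >= MAX_CONSTANTS) {
                throw new IllegalStateException(
                    "too many unique constants: limit is " + MAX_CONSTANTS);
            }
            constantI = constants.size();
            constants.add(constant);
        }
        write(constantI);
    }

    // Assumed reader: a one-byte index must be masked back to 0..255.
    public int readIndex(int ip) { return code[ip] & 0xFF; }

    public static void main(String[] args) {
        ConstantIndexDemo s = new ConstantIndexDemo();
        for (int i = 0; i < MAX_CONSTANTS; i++) s.writeConstant("c" + i); // fills all 256 slots
        System.out.println("raw byte at 200:  " + s.code[200]);      // -56: silent wrap, no exception
        System.out.println("masked index:     " + s.readIndex(200)); // 200: correct only with & 0xFF
        try { s.writeConstant("one too many"); }
        catch (IllegalStateException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```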