mini_racer 0.17.0.pre9 → 0.17.0.pre11

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b3be215eb4d4e72b01480ffa28863ea7ff1947b3f8cf0b6dcd860ffde2e48799
-  data.tar.gz: adcae327e54c2c372871c255e4bfd19a07b28964cd4c7c51cbc1cc251d1f71db
+  metadata.gz: 6851fdd7226dd520cf865af8b60e64b3456a0b0cfd31a22d4f275495c8f42aef
+  data.tar.gz: ffd5db728de9571a2b7e7d83348a95b658809d36f869050338c1f5b0a814146b
 SHA512:
-  metadata.gz: 98bdc234f17c0e16ae995c8fe3566f6ec80cbd92c569e4aa31ac1999d309ae2a197b0c7cb1c5de62f542f25b4f73287d0a34ab7967e1e24c32d02fc73ade33f2
-  data.tar.gz: 7ade32c683f240c3e19eaa58b6a044192f57b1e651966c042654d401f1f5dae1aff20d1c545dd7fd05afb2b0f70659080825b5a788ab82379b119c497ac31e47
+  metadata.gz: 76e7edac2249f6aa850bd03f1a7d4c353095f4e3f0a89466c83763f945de44ac68881b57d5b784ac7b6391dd467812a7d27eeeba98ba13624f60dbe4e1db70ab
+  data.tar.gz: 9519ee4b2601ab14a0a1898518bdcda5f318b66b4b4631d7881c2e83ea656c461cbf3fa38682d8702234e01d1cad7c2358125c9b4689333db686ca7207b27fc0

data/CHANGELOG

@@ -1,3 +1,9 @@
+- 0.17.0.pre11 - 21-01-2025
+  - Corrected encoding bug with deserialization of strings - Ben Noordhuis
+
+- 0.17.0.pre10 - 20-01-2025
+  - Added back support for partially deserialized objects (objects that do not translate across boundaries are returned as Error properties) - Ben Noordhuis
+
 - 0.17.0.pre9 - 13-01-2025
   - For backwards compatibility convert v8 return values to UTF-8 (invalidly encoded string still get returned using V8 encoding)
 

data/ext/mini_racer_extension/mini_racer_extension.c

@@ -171,13 +171,14 @@ static void *rendezvous_callback(void *arg);
 typedef struct State
 {
     VALUE   a, b;
+    uint8_t verbatim_keys:1;
 } State;
 
 // note: must be stack-allocated or VALUEs won't be visible to ruby's GC
 typedef struct DesCtx
 {
     State   *tos;
-    VALUE   refs; // array
+    VALUE   refs; // object refs array
     uint8_t transcode_latin1:1;
     char    err[64];
     State   stack[512];
@@ -199,7 +200,7 @@ static void DesCtx_init(DesCtx *c)
 {
     c->tos  = c->stack;
     c->refs = rb_ary_new();
-    *c->tos = (State){Qundef, Qundef};
+    *c->tos = (State){Qundef, Qundef, /*verbatim_keys*/0};
     *c->err = '\0';
     c->transcode_latin1 = 1; // convert to utf8
 }
@@ -220,7 +221,8 @@ static void put(DesCtx *c, VALUE v)
         if (*b == Qundef) {
             *b = v;
         } else {
-            *b = rb_funcall(*b, rb_intern("to_s"), 0);
+            if (!c->tos->verbatim_keys)
+                *b = rb_funcall(*b, rb_intern("to_s"), 0);
             rb_hash_aset(*a, *b, v);
             *b = Qundef;
         }
@@ -242,7 +244,7 @@ static void push(DesCtx *c, VALUE v)
         snprintf(c->err, sizeof(c->err), "stack overflow");
         return;
     }
-    *++c->tos = (State){v, Qundef};
+    *++c->tos = (State){v, Qundef, /*verbatim_keys*/0};
     rb_ary_push(c->refs, v);
 }
 
@@ -337,13 +339,24 @@ static VALUE str_encode_bang(VALUE v)
 
 static void des_string8(void *arg, const uint8_t *s, size_t n)
 {
+    rb_encoding *e;
     DesCtx *c;
     VALUE v;
 
     c = arg;
-    v = rb_enc_str_new((char *)s, n, rb_ascii8bit_encoding());
-    if (c->transcode_latin1)
+    if (*c->err)
+        return;
+    if (c->transcode_latin1) {
+        e = rb_enc_find("ISO-8859-1"); // TODO cache?
+        if (!e) {
+            snprintf(c->err, sizeof(c->err), "no ISO-8859-1 encoding");
+            return;
+        }
+        v = rb_enc_str_new((char *)s, n, e);
         v = str_encode_bang(v); // cannot fail
+    } else {
+        v = rb_enc_str_new((char *)s, n, rb_ascii8bit_encoding());
+    }
     put(c, v);
 }
 
@@ -426,6 +439,20 @@ static void des_object_end(void *arg)
     pop(arg);
 }
 
+static void des_map_begin(void *arg)
+{
+    DesCtx *c;
+
+    c = arg;
+    push(c, rb_hash_new());
+    c->tos->verbatim_keys = 1; // don't stringify or intern keys
+}
+
+static void des_map_end(void *arg)
+{
+    pop(arg);
+}
+
 static void des_object_ref(void *arg, uint32_t id)
 {
     DesCtx *c;

data/ext/mini_racer_extension/mini_racer_v8.cc

@@ -11,6 +11,56 @@
 #include <cstring>
 #include <vector>
 
+// note: the filter function gets called inside the safe context,
+// i.e., the context that has not been tampered with by user JS
+// convention: $-prefixed identifiers signify objects from the
+// user JS context and should be handled with special care
+static const char safe_context_script_source[] = R"js(
+;(function($globalThis) {
+    const {Map: $Map, Set: $Set} = $globalThis
+    const sentinel = {}
+    return function filter(v) {
+        if (typeof v === "function")
+            return sentinel
+        if (typeof v !== "object" || v === null)
+            return v
+        if (v instanceof $Map) {
+            const m = new Map()
+            for (let [k, t] of Map.prototype.entries.call(v)) {
+                t = filter(t)
+                if (t !== sentinel)
+                    m.set(k, t)
+            }
+            return m
+        } else if (v instanceof $Set) {
+            const s = new Set()
+            for (let t of Set.prototype.values.call(v)) {
+                t = filter(t)
+                if (t !== sentinel)
+                    s.add(t)
+            }
+            return s
+        } else {
+            const o = Array.isArray(v) ? [] : {}
+            const pds = Object.getOwnPropertyDescriptors(v)
+            for (const [k, d] of Object.entries(pds)) {
+                if (!d.enumerable)
+                    continue
+                let t = d.value
+                if (d.get) {
+                    // *not* d.get.call(...), may have been tampered with
+                    t = Function.prototype.call.call(d.get, v, k)
+                }
+                t = filter(t)
+                if (t !== sentinel)
+                    Object.defineProperty(o, k, {value: t, enumerable: true})
+            }
+            return o
+        }
+    }
+})
+)js";
+
 struct Callback
 {
     struct State *st;
@@ -32,8 +82,10 @@ struct State
     // extra context for when we need access to built-ins like Array
     // and want to be sure they haven't been tampered with by JS code
     v8::Local<v8::Context> safe_context;
-    v8::Persistent<v8::Context> persistent_context;      // single-thread mode only
-    v8::Persistent<v8::Context> persistent_safe_context; // single-thread mode only
+    v8::Local<v8::Function> safe_context_function;
+    v8::Persistent<v8::Context> persistent_context;         // single-thread mode only
+    v8::Persistent<v8::Context> persistent_safe_context;    // single-thread mode only
+    v8::Persistent<v8::Function> persistent_safe_context_function;  // single-thread mode only
     Context *ruby_context;
     int64_t max_memory;
     int err_reason;
@@ -73,6 +125,23 @@ struct Serialized
 // throws JS exception on serialization error
 bool reply(State& st, v8::Local<v8::Value> v)
 {
+    v8::TryCatch try_catch(st.isolate);
+    {
+        Serialized serialized(st, v);
+        if (serialized.data) {
+            v8_reply(st.ruby_context, serialized.data, serialized.size);
+            return true;
+        }
+    }
+    if (!try_catch.CanContinue()) {
+        try_catch.ReThrow();
+        return false;
+    }
+    auto recv = v8::Undefined(st.isolate);
+    if (!st.safe_context_function->Call(st.safe_context, recv, 1, &v).ToLocal(&v)) {
+        try_catch.ReThrow();
+        return false;
+    }
     Serialized serialized(st, v);
     if (serialized.data)
         v8_reply(st.ruby_context, serialized.data, serialized.size);
@@ -240,7 +309,29 @@ extern "C" State *v8_thread_init(Context *c, const uint8_t *snapshot_buf,
         st.safe_context = v8::Context::New(st.isolate);
         st.context = v8::Context::New(st.isolate);
         v8::Context::Scope context_scope(st.context);
+        {
+            v8::Context::Scope context_scope(st.safe_context);
+            auto source = v8::String::NewFromUtf8Literal(st.isolate, safe_context_script_source);
+            auto filename = v8::String::NewFromUtf8Literal(st.isolate, "safe_context_script.js");
+            v8::ScriptOrigin origin(filename);
+            auto script =
+                v8::Script::Compile(st.safe_context, source, &origin)
+                .ToLocalChecked();
+            auto function_v = script->Run(st.safe_context).ToLocalChecked();
+            auto function = v8::Function::Cast(*function_v);
+            auto recv = v8::Undefined(st.isolate);
+            v8::Local<v8::Value> arg = st.context->Global();
+            // grant the safe context access to the user context's globalThis
+            st.safe_context->SetSecurityToken(st.context->GetSecurityToken());
+            function_v =
+                function->Call(st.safe_context, recv, 1, &arg)
+                .ToLocalChecked();
+            // revoke access again now that the script did its one-time setup
+            st.safe_context->UseDefaultSecurityToken();
+            st.safe_context_function = v8::Local<v8::Function>::Cast(function_v);
+        }
         if (single_threaded) {
+            st.persistent_safe_context_function.Reset(st.isolate, st.safe_context_function);
             st.persistent_safe_context.Reset(st.isolate, st.safe_context);
             st.persistent_context.Reset(st.isolate, st.context);
             return pst; // intentionally returning early and keeping alive
@@ -792,12 +883,14 @@ extern "C" void v8_single_threaded_enter(State *pst, Context *c, void (*f)(Conte
     v8::Isolate::Scope isolate_scope(st.isolate);
     v8::HandleScope handle_scope(st.isolate);
     {
+        st.safe_context_function = v8::Local<v8::Function>::New(st.isolate, st.persistent_safe_context_function);
         st.safe_context = v8::Local<v8::Context>::New(st.isolate, st.persistent_safe_context);
         st.context = v8::Local<v8::Context>::New(st.isolate, st.persistent_context);
         v8::Context::Scope context_scope(st.context);
         f(c);
         st.context = v8::Local<v8::Context>();
         st.safe_context = v8::Local<v8::Context>();
+        st.safe_context_function = v8::Local<v8::Function>();
     }
 }
 

data/ext/mini_racer_extension/serde.c

@@ -31,6 +31,8 @@ static void des_named_props_begin(void *arg);
 static void des_named_props_end(void *arg);
 static void des_object_begin(void *arg);
 static void des_object_end(void *arg);
+static void des_map_begin(void *arg);
+static void des_map_end(void *arg);
 static void des_object_ref(void *arg, uint32_t id);
 // des_error_begin: followed by des_object_begin + des_object_end calls
 static void des_error_begin(void *arg);
@@ -642,7 +644,7 @@ again:
         des_object_end(arg);
         break;
     case ';': // Map
-        des_object_begin(arg);
+        des_map_begin(arg);
         for (u = 0; /*empty*/; u++) {
             if (*p >= pe)
                 goto too_short;
@@ -658,7 +660,7 @@ again:
             goto bad_varint;
         if (t != 2*u)
             return bail(err, "map element count mismatch");
-        des_object_end(arg);
+        des_map_end(arg);
         break;
     case '\'': // Set
         des_array_begin(arg);

data/lib/mini_racer/version.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
 module MiniRacer
-  VERSION = "0.17.0.pre9"
+  VERSION = "0.17.0.pre11"
   LIBV8_NODE_VERSION = "~> 22.7.0.4"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: mini_racer
 version: !ruby/object:Gem::Version
-  version: 0.17.0.pre9
+  version: 0.17.0.pre11
 platform: ruby
 authors:
 - Sam Saffron
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-01-13 00:00:00.000000000 Z
+date: 2025-01-20 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -123,9 +123,9 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/discourse/mini_racer/issues
-  changelog_uri: https://github.com/discourse/mini_racer/blob/v0.17.0.pre9/CHANGELOG
-  documentation_uri: https://www.rubydoc.info/gems/mini_racer/0.17.0.pre9
-  source_code_uri: https://github.com/discourse/mini_racer/tree/v0.17.0.pre9
+  changelog_uri: https://github.com/discourse/mini_racer/blob/v0.17.0.pre11/CHANGELOG
+  documentation_uri: https://www.rubydoc.info/gems/mini_racer/0.17.0.pre11
+  source_code_uri: https://github.com/discourse/mini_racer/tree/v0.17.0.pre11
 post_install_message:
 rdoc_options: []
 require_paths: