msgpackr 1.10.0 → 1.10.2

package/dist/index.js

@@ -858,7 +858,7 @@
 				return readFixedString(length)
 		} else { // not cacheable, go back and do a standard read
 			position$1--;
-			return read().toString()
+			return asSafeString(read())
 		}
 		let key = ((length << 5) ^ (length > 1 ? dataView.getUint16(position$1) : length > 0 ? src[position$1] : 0)) & 0xfff;
 		let entry = keyCache[key];
@@ -910,9 +910,17 @@
 		return entry.string = readFixedString(length)
 	}
 
+	function asSafeString(property) {
+		// protect against expensive (DoS) string conversions
+		if (typeof property === 'string') return property;
+		if (typeof property === 'number' || typeof property === 'boolean' || typeof property === 'bigint') return property.toString();
+		if (property == null) return property + '';
+		throw new Error('Invalid property type for record', typeof property);
+	}
 	// the registration of the record definition extension (as "r")
 	const recordDefinition = (id, highByte) => {
-		let structure = read().map(property => property.toString()); // ensure that all keys are strings and that the array is mutable
+		let structure = read().map(asSafeString); // ensure that all keys are strings and
+		// that the array is mutable
 		let firstByte = id;
 		if (highByte !== undefined) {
 			id = id < 32 ? -((highByte << 5) + id) : ((highByte << 5) + id);
@@ -946,11 +954,12 @@
 	let errors = { Error, TypeError, ReferenceError };
 	currentExtensions[0x65] = () => {
 		let data = read();
-		return (errors[data[0]] || Error)(data[1])
+		return (errors[data[0]] || Error)(data[1], { cause: data[2] })
 	};
 
 	currentExtensions[0x69] = (data) => {
 		// id extension (for structured clones)
+		if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 		let id = dataView.getUint32(position$1 - 4);
 		if (!referenceMap)
 			referenceMap = new Map();
@@ -974,6 +983,7 @@
 
 	currentExtensions[0x70] = (data) => {
 		// pointer extension (for structured clones)
+		if (currentUnpackr.structuredClone === false) throw new Error('Structured clone extension is disabled')
 		let id = dataView.getUint32(position$1 - 4);
 		let refEntry = referenceMap.get(id);
 		refEntry.used = true;
@@ -988,8 +998,15 @@
 	currentExtensions[0x74] = (data) => {
 		let typeCode = data[0];
 		let typedArrayName = typedArrays[typeCode];
-		if (!typedArrayName)
+		if (!typedArrayName) {
+			if (typeCode === 16) {
+				let ab = new ArrayBuffer(data.length - 1);
+				let u8 = new Uint8Array(ab);
+				u8.set(data.subarray(1));
+				return ab;
+			}
 			throw new Error('Could not find typed array for code ' + typeCode)
+		}
 		// we have to always slice/copy here to get a new ArrayBuffer that is word/byte aligned
 		return new glbl[typedArrayName](Uint8Array.prototype.slice.call(data, 1).buffer)
 	};
@@ -1285,10 +1302,14 @@
 									return packr.pack(value, encodeOptions)
 								}
 								packr.lastNamedStructuresLength = sharedLength;
+								// don't keep large buffers around
+								if (target.length > 0x40000000) target = null;
 								return returnBuffer
 							}
 						}
 					}
+					// don't keep large buffers around, they take too much memory and cause problems (limit at 1GB)
+					if (target.length > 0x40000000) target = null;
 					if (encodeOptions & RESET_BUFFER_MODE)
 						position = start;
 				}
@@ -1511,7 +1532,7 @@
 						}
 						let constructor = value.constructor;
 						if (constructor === Object) {
-							writeObject(value, true);
+							writeObject(value);
 						} else if (constructor === Array) {
 							packArray(value);
 						} else if (constructor === Map) {
@@ -1607,8 +1628,8 @@
 								if (type === 'function')
 									return pack(this.writeFunction && this.writeFunction(value));
 								
-								// no extension found, write as object
-								writeObject(value, !value.hasOwnProperty); // if it doesn't have hasOwnProperty, don't do hasOwnProperty checks
+								// no extension found, write as plain object
+								writeObject(value);
 							}
 						}
 					}
@@ -1695,13 +1716,13 @@
 					}
 				}
 			} :
-			(object, safePrototype) => {
+			(object) => {
 				target[position++] = 0xde; // always using map 16, so we can preallocate and set the length afterwards
 				let objectOffset = position - start;
 				position += 2;
 				let size = 0;
 				for (let key in object) {
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						pack(key);
 						pack(object[key]);
 						size++;
@@ -1713,12 +1734,12 @@
 
 			const writeRecord = this.useRecords === false ? writePlainObject :
 			(options.progressiveRecords && !useTwoByteRecords) ?  // this is about 2% faster for highly stable structures, since it only requires one for-in loop (but much more expensive when new structure needs to be written)
-			(object, safePrototype) => {
+			(object) => {
 				let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 				let objectOffset = position++ - start;
 				let wroteKeys;
 				for (let key in object) {
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						nextTransition = transition[key];
 						if (nextTransition)
 							transition = nextTransition;
@@ -1757,10 +1778,10 @@
 						insertNewRecord(transition, Object.keys(object), objectOffset, 0);
 				}
 			} :
-			(object, safePrototype) => {
+			(object) => {
 				let nextTransition, transition = structures.transitions || (structures.transitions = Object.create(null));
 				let newTransitions = 0;
-				for (let key in object) if (safePrototype || object.hasOwnProperty(key)) {
+				for (let key in object) if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 					nextTransition = transition[key];
 					if (!nextTransition) {
 						nextTransition = transition[key] = Object.create(null);
@@ -1780,7 +1801,7 @@
 				}
 				// now write the values
 				for (let key in object)
-					if (safePrototype || object.hasOwnProperty(key)) {
+					if (typeof object.hasOwnProperty !== 'function' || object.hasOwnProperty(key)) {
 						pack(object[key]);
 					}
 			};
@@ -1788,8 +1809,8 @@
 			// craete reference to useRecords if useRecords is a function
 			const checkUseRecords = typeof this.useRecords == 'function' && this.useRecords;
 			
-			const writeObject = checkUseRecords ? (object, safePrototype) => {
-				checkUseRecords(object) ? writeRecord(object,safePrototype) : writePlainObject(object,safePrototype);
+			const writeObject = checkUseRecords ? (object) => {
+				checkUseRecords(object) ? writeRecord(object) : writePlainObject(object);
 			} : writeRecord;
 
 			const makeRoom = (end) => {
@@ -1894,7 +1915,7 @@
 					target[insertionOffset + start] = keysTarget[0];
 				}
 			};
-			const writeStruct = (object, safePrototype) => {
+			const writeStruct = (object) => {
 				let newPosition = writeStructSlots(object, target, start, position, structures, makeRoom, (value, newPosition, notifySharedUpdate) => {
 					if (notifySharedUpdate)
 						return hasSharedUpdate = true;
@@ -1908,7 +1929,7 @@
 					return position;
 				}, this);
 				if (newPosition === 0) // bail and go to a msgpack object
-					return writeObject(object, true);
+					return writeObject(object);
 				position = newPosition;
 			};
 		}
@@ -1986,7 +2007,7 @@
 				target[position++] = 0x65; // 'e' for error
 				target[position++] = 0;
 			}
-			pack([ error.name, error.message ]);
+			pack([ error.name, error.message, error.cause ]);
 		}
 	}, {
 		pack(regex, allocateForWrite, pack) {
@@ -2039,6 +2060,7 @@
 		}
 		target[position++] = 0x74; // "t" for typed array
 		target[position++] = type;
+		if (!typedArray.buffer) typedArray = new Uint8Array(typedArray);
 		target.set(new Uint8Array(typedArray.buffer, typedArray.byteOffset, typedArray.byteLength), position);
 	}
 	function writeBuffer(buffer, allocateForWrite) {