From 023c3aa5b091605316bf87a9fc516e54d03e5874 Mon Sep 17 00:00:00 2001 From: Luke Wilde Date: Mon, 9 Dec 2024 22:04:12 +0000 Subject: [PATCH] LibWeb: Respect subarrays in Crypto#getRandomBytes It is the responsibility of code that deals with TypedArrays to apply the byte offset and byte length. Not doing this caused Unity Web to crash, as they call getRandomValues with views into their full main memory. Previously, it would fill their entire memory of about 33.5 MB with random bytes. --- Libraries/LibWeb/Crypto/Crypto.cpp | 2 +- .../Crypto-getRandomValues-respects-subarrays.txt | 2 ++ .../Crypto-getRandomValues-respects-subarrays.html | 11 +++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 Tests/LibWeb/Text/expected/Crypto/Crypto-getRandomValues-respects-subarrays.txt create mode 100644 Tests/LibWeb/Text/input/Crypto/Crypto-getRandomValues-respects-subarrays.html diff --git a/Libraries/LibWeb/Crypto/Crypto.cpp b/Libraries/LibWeb/Crypto/Crypto.cpp index 0089b463e9ae..24740bb3765f 100644 --- a/Libraries/LibWeb/Crypto/Crypto.cpp +++ b/Libraries/LibWeb/Crypto/Crypto.cpp @@ -67,7 +67,7 @@ WebIDL::ExceptionOr> Crypto::get_random_values // FIXME: Handle SharedArrayBuffers // 3. Overwrite all elements of array with cryptographically strong random values of the appropriate type. - fill_with_random(array->viewed_array_buffer()->buffer()); + fill_with_random(array->viewed_array_buffer()->buffer().bytes().slice(array->byte_offset(), array->byte_length())); // 4. Return array. return array; diff --git a/Tests/LibWeb/Text/expected/Crypto/Crypto-getRandomValues-respects-subarrays.txt b/Tests/LibWeb/Text/expected/Crypto/Crypto-getRandomValues-respects-subarrays.txt new file mode 100644 index 000000000000..e0a8ef819ca1 --- /dev/null +++ b/Tests/LibWeb/Text/expected/Crypto/Crypto-getRandomValues-respects-subarrays.txt @@ -0,0 +1,2 @@ +Is first 2 bytes still 0x41? true +Is last 6 bytes still 0x41? true diff --git a/Tests/LibWeb/Text/input/Crypto/Crypto-getRandomValues-respects-subarrays.html b/Tests/LibWeb/Text/input/Crypto/Crypto-getRandomValues-respects-subarrays.html new file mode 100644 index 000000000000..e5ac90ba033b --- /dev/null +++ b/Tests/LibWeb/Text/input/Crypto/Crypto-getRandomValues-respects-subarrays.html @@ -0,0 +1,11 @@ + + +