add bounds check for SliceExpr on string (fixes #543)

neelance · neelance · commit e34a5cd6a1bc · 2016-10-31T11:51:40.000+01:00
diff --git a/compiler/expressions.go b/compiler/expressions.go
@@ -479,11 +479,11 @@ func (c *funcContext) translateExpr(expr ast.Expr) *expression {
 			case e.Low == nil && e.High == nil:
 				return c.translateExpr(e.X)
 			case e.Low == nil:
-				return c.formatExpr("%e.substring(0, %f)", e.X, e.High)
+				return c.formatExpr("$substring(%e, 0, %f)", e.X, e.High)
 			case e.High == nil:
-				return c.formatExpr("%e.substring(%f)", e.X, e.Low)
+				return c.formatExpr("$substring(%e, %f)", e.X, e.Low)
 			default:
-				return c.formatExpr("%e.substring(%f, %f)", e.X, e.Low, e.High)
+				return c.formatExpr("$substring(%e, %f, %f)", e.X, e.Low, e.High)
 			}
 		}
 		slice := c.translateConversionToSlice(e.X, exprType)
diff --git a/compiler/prelude/prelude.go b/compiler/prelude/prelude.go
@@ -110,6 +110,13 @@ var $subslice = function(slice, low, high, max) {
   return s;
 };
 
+var $substring = function(str, low, high) {
+  if (low < 0 || high < low || high > str.length) {
+    $throwRuntimeError("slice bounds out of range");
+  }
+  return str.substring(low, high);
+};
+
 var $sliceToArray = function(slice) {
   if (slice.$length === 0) {
     return [];
diff --git a/tests/misc_test.go b/tests/misc_test.go
@@ -585,3 +585,14 @@ func TestDeferNamedTupleReturnImplicitCast(t *testing.T) {
 		t.Fail()
 	}
 }
+
+func TestSliceOfString(t *testing.T) {
+	defer func() {
+		if err := recover(); err == nil || !strings.Contains(err.(error).Error(), "slice bounds out of range") {
+			t.Fail()
+		}
+	}()
+
+	str := "foo"
+	print(str[0:10])
+}
