add boundary check

youknowone · youknowone · commit ecfaed335c6d · 2026-01-04T22:14:58.000+09:00
diff --git a/crates/vm/src/builtins/code.rs b/crates/vm/src/builtins/code.rs
@@ -358,11 +358,16 @@ impl PyCode {
         vm: &VirtualMachine,
     ) -> PyResult<PyRef<Self>> {
         if !crate::import::check_pyc_magic_number_bytes(pyc_bytes) {
-            return Err(vm.new_runtime_error("pyc bytes has wrong MAGIC"));
+            return Err(vm.new_value_error("pyc bytes has wrong MAGIC"));
         }
         let bootstrap_external = vm.import("_frozen_importlib_external", 0)?;
         let compile_bytecode = bootstrap_external.get_attr("_compile_bytecode", vm)?;
-        let code_bytes = &pyc_bytes[16..];
+        let Some((_, code_bytes)) = pyc_bytes.split_at_checked(16) else {
+            return Err(vm.new_value_error(format!(
+                "pyc_bytes header is broken. 16 bytes expected but {} bytes given.",
+                pyc_bytes.len()
+            )));
+        };
         let code_bytes_obj = vm.ctx.new_bytes(code_bytes.to_vec());
         let compiled =
             compile_bytecode.call((code_bytes_obj, name, bytecode_path, source_path), vm)?;
diff --git a/crates/vm/src/import.rs b/crates/vm/src/import.rs
@@ -9,7 +9,7 @@ use crate::{
 };
 
 pub(crate) fn check_pyc_magic_number_bytes(buf: &[u8]) -> bool {
-    buf[..2] == crate::version::PYC_MAGIC_NUMBER_BYTES[..2]
+    buf.starts_with(&crate::version::PYC_MAGIC_NUMBER_BYTES[..2])
 }
 
 pub(crate) fn init_importlib_base(vm: &mut VirtualMachine) -> PyResult<PyObjectRef> {

Original file line number	Diff line number	Diff line change
`@@ -9,7 +9,7 @@ use crate::{`
`9`	`9`	`};`
`10`	`10`
`11`	`11`	`pub(crate) fn check_pyc_magic_number_bytes(buf: &[u8]) -> bool {`
`12`		`- buf[..2] == crate::version::PYC_MAGIC_NUMBER_BYTES[..2]`
	`12`	`+ buf.starts_with(&crate::version::PYC_MAGIC_NUMBER_BYTES[..2])`
`13`	`13`	`}`
`14`	`14`
`15`	`15`	`pub(crate) fn init_importlib_base(vm: &mut VirtualMachine) -> PyResult<PyObjectRef> {`