-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: fix UB in InternalModuleReadFile() #16871
Conversation
test/parallel/test-module-binding.js
Outdated
|
||
strictEqual(internalModuleReadFile('nosuchfile'), undefined); | ||
strictEqual(internalModuleReadFile(fixturesDir + '/empty.txt'), ''); | ||
strictEqual(internalModuleReadFile(fixturesDir + '/empty-with-bom.txt'), ''); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unblocking nit: for consistency...
const fixtures = require('../common/fixtures');
/* ... */
strictEqual(internalModuleReadFile(fixtures.path('empty-with-bom.txt'));
2edbadf
to
72e23a4
Compare
Updated test. New CI: https://ci.nodejs.org/job/node-test-pull-request/11322/ |
72e23a4
to
f823d38
Compare
`&vec[0]` is undefined behavior when `vec.size() == 0`. It is mostly academic because package.json files are not usually empty and because with most STL implementations it decays to something that is legal C++ as long as the result is not dereferenced, but better safe than sorry. Note that the tests don't actually fail because of that, I added them as sanity checks. PR-URL: #16871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Franziska Hinkelmann <[email protected]> Reviewed-By: James M Snell <[email protected]>
Should this land on v8.x or v6.x? It lands cleanly on 8.x, but will require a backport for v6.x |
@MylesBorins it’s not worth the trouble of backporting I’d say (not that I’d want to stop @bnoordhuis from doing that), but if it lands cleanly it should probably go into v8.x |
`&vec[0]` is undefined behavior when `vec.size() == 0`. It is mostly academic because package.json files are not usually empty and because with most STL implementations it decays to something that is legal C++ as long as the result is not dereferenced, but better safe than sorry. Note that the tests don't actually fail because of that, I added them as sanity checks. PR-URL: #16871 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: Colin Ihrig <[email protected]> Reviewed-By: Franziska Hinkelmann <[email protected]> Reviewed-By: James M Snell <[email protected]>
&vec[0]
is undefined behavior whenvec.size() == 0
.It is mostly academic because package.json files are not usually empty
and because with most STL implementations it decays to something that
is legal C++ as long as the result is not dereferenced, but better safe
than sorry.
Note that the tests don't actually fail because of that, I added them
as sanity checks.
Split off from #15767 where it already had a couple of LGTMs.
CI: https://ci.nodejs.org/job/node-test-pull-request/11283/