Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport «buffer: ignore negative allocation lengths» to v5.x #7221

Merged
merged 1 commit into from
Jun 17, 2016

Conversation

ChALkeR
Copy link
Member

@ChALkeR ChALkeR commented Jun 8, 2016

This backports #7051 (by @addaleax) to v5.x.
It landed cleanly and is straightforward fix for #7047.

I originally included this in #7169 backport, but that one is semver-minor, and I'm not exactly sure if the next 5.x release will be a semver-minor, but I definitely want this to make it into the next 5.x release.

/cc @jasnell, you already reviewed this backport in #7169, but could you also leave a comment here?
Also /cc @thealphanerd

@nodejs-github-bot nodejs-github-bot added the buffer Issues and PRs related to the buffer subsystem. label Jun 8, 2016
@ChALkeR ChALkeR added the v5.x label Jun 8, 2016
@@ -1438,3 +1438,14 @@ assert.equal(Buffer.prototype.parent, undefined);
assert.equal(Buffer.prototype.offset, undefined);
assert.equal(SlowBuffer.prototype.parent, undefined);
assert.equal(SlowBuffer.prototype.offset, undefined);

{
// Test that large negative Buffer length inputs don't affect the pool offset.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, why have we started blocking when no block-scope variables are being used?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@trevnorris Someone suggested it to make sure that the last call in the block here wouldn’t be accidentally moved around in the file/away from the preceding calls that made it fail

Copy link
Member Author

@ChALkeR ChALkeR Jun 13, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@trevnorris
Copy link
Contributor

LGTM.

@MylesBorins
Copy link
Contributor

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 17, 2016

This was also reviewed by @jasnell as a part of #7169.

Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
PR-URL: nodejs#7221
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
@ChALkeR ChALkeR merged commit 27785ae into nodejs:v5.x Jun 17, 2016
ChALkeR pushed a commit to ChALkeR/io.js that referenced this pull request Jun 19, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
PR-URL: nodejs#7221
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
evanlucas added a commit that referenced this pull request Jun 23, 2016
Notable changes:

This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases
for details on patched vulnerabilities.

* **buffer**
  * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](#7169)
  * ignore negative allocation lengths (Anna Henningsen) [#7221](#7221)
* **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40)
  * Fixes a Buffer overflow vulnerability discovered in v8. More details
    can be found in the CVE (CVE-2016-1699).

PR-URL: https://github.com/nodejs/node-private/pull/51
ChALkeR pushed a commit to ChALkeR/io.js that referenced this pull request Jul 8, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
Refs: nodejs#7221
Refs: nodejs#7475
PR-URL: nodejs#7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 8, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <[email protected]>
Reviewed-By: James M Snell <[email protected]>
Reviewed-By: Nikolai Vavilov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
buffer Issues and PRs related to the buffer subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants