From a4875fa3ceff1714799362e76b8c815b01dcf0f6 Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Tue, 20 Dec 2022 23:11:53 +0100 Subject: [PATCH] src: fix UB in overflow checks Refs: https://github.com/nodejs/node/issues/45868 PR-URL: https://github.com/nodejs/node/pull/45882 Reviewed-By: Anna Henningsen Reviewed-By: Santiago Gimeno Reviewed-By: Colin Ihrig Reviewed-By: Mohammed Keyvanzadeh Reviewed-By: James M Snell --- src/process_wrap.cc | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/process_wrap.cc b/src/process_wrap.cc index f37292aac3ada9..ffa5dbd1306a6d 100644 --- a/src/process_wrap.cc +++ b/src/process_wrap.cc @@ -24,8 +24,9 @@ #include "stream_wrap.h" #include "util-inl.h" -#include +#include #include +#include namespace node { @@ -190,7 +191,7 @@ class ProcessWrap : public HandleWrap { if (!argv_v.IsEmpty() && argv_v->IsArray()) { Local js_argv = argv_v.As(); int argc = js_argv->Length(); - CHECK_GT(argc + 1, 0); // Check for overflow. + CHECK_LT(argc, INT_MAX); // Check for overflow. // Heap allocate to detect errors. +1 is for nullptr. options.args = new char*[argc + 1]; @@ -218,7 +219,7 @@ class ProcessWrap : public HandleWrap { if (!env_v.IsEmpty() && env_v->IsArray()) { Local env_opt = env_v.As(); int envc = env_opt->Length(); - CHECK_GT(envc + 1, 0); // Check for overflow. + CHECK_LT(envc, INT_MAX); // Check for overflow. options.env = new char*[envc + 1]; // Heap allocated to detect errors. for (int i = 0; i < envc; i++) { node::Utf8Value pair(env->isolate(),