From e09f7f023af570bdd9f4edc12589d7ce7b05d6f6 Mon Sep 17 00:00:00 2001
From: Anna Henningsen
Date: Sun, 4 Oct 2020 02:06:05 +0200
Subject: [PATCH] src: limit GetProcessTitle() result to 1MB
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
`GetProcessTitle()` otherwise runs an infinite loop when `uv_setup_argv()` has not been called (yet). This is a problem e.g. in assertions from static constructors, which run before `main()` and thus before `argc` and `argv` become available. To solve that, do not allocate more than 1MB of storage for the title and bail out if we reach that point.
PR-URL: https://github.com/nodejs/node/pull/35492
Reviewed-By: James M Snell
Reviewed-By: Gus Caplan
Reviewed-By: Tobias Nießen
Reviewed-By: Rich Trott
Reviewed-By: Colin Ihrig
---
 src/util.cc | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/util.cc b/src/util.cc
index c604c4c9555b60..01e15acb0e5c09 100644
--- a/src/util.cc
+++ b/src/util.cc
@@ -144,7 +144,10 @@ std::string GetProcessTitle(const char* default_title) {
 if (rc == 0)
 break;
- if (rc != UV_ENOBUFS)
+ // If uv_setup_args() was not called, `uv_get_process_title()` will always
+ // return `UV_ENOBUFS`, no matter the input size. Guard against a possible
+ // infinite loop by limiting the buffer size.
+ if (rc != UV_ENOBUFS || buf.size() >= 1024 * 1024)
 return default_title;
 buf.resize(2 * buf.size());
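Review bot: The cap in the new condition is an unnamed `1024 * 1024`, and the added comment neither states the figure nor says that reaching it returns `default_title`. A named constant keeps the limit and the comment in step, e.g. `constexpr size_t kMaxProcessTitleSize = 1024 * 1024;` used as `if (rc != UV_ENOBUFS || buf.size() >= kMaxProcessTitleSize)`. Because the size check runs before `buf.resize(2 * buf.size())`, the buffer never grows past the cap, which matches the commit message. It also means a genuine title at or above the cap is silently replaced by `default_title`, and the comment could say so for whoever later reads diagnostics that print the title. The loop header and the rest of `GetProcessTitle()` lie outside this hunk, so the initial buffer size is not visible here.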