Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v6.6.0 node::PBKDF2() Out of Memory #8571

Closed
scttcper opened this issue Sep 17, 2016 · 23 comments
Closed

v6.6.0 node::PBKDF2() Out of Memory #8571

scttcper opened this issue Sep 17, 2016 · 23 comments
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.

Comments

@scttcper
Copy link

scttcper commented Sep 17, 2016

The following code crashes in v6.6.0 on OSX 10.11.6. v6.5.0 does not crash.

running

var crypto = require('crypto');
var salt = new Buffer('McWpw6FL29zJ6E97Le3hKQ==', 'base64');
crypto.pbkdf2('', salt, 1, 32, "sha256", function(error, saltedPassword) {
  console.log(error);
  console.log(saltedPassword);
});

results in

FATAL ERROR: node::PBKDF2() Out of Memory
 1: node::Abort() [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 2: node::FatalException(v8::Isolate*, v8::Local<v8::Value>, v8::Local<v8::Message>) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 3: node::ClearFatalExceptionHandlers(node::Environment*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 4: node::crypto::RandomBytesWork(uv_work_s*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 5: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 6: v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 7: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 8: 0xe4335f092a7
[1]    45139 abort      node crash.js

This was code extracted out of https://github.com/neumino/rethinkdbdash that was crashing a project.

@mscdex mscdex added the crypto Issues and PRs related to the crypto subsystem. label Sep 17, 2016
@not-an-aardvark
Copy link
Contributor

I was able to reproduce this on OSX 10.11.6.

@MarkHerhold
Copy link

@scttcper Thanks for reporting this! I just hit the same issue in my project which also uses rethinkdbdash, so I assume the issue is the same.

@not-an-aardvark not-an-aardvark added the confirmed-bug Issues with confirmed bugs. label Sep 17, 2016
@mscdex
Copy link
Contributor

mscdex commented Sep 17, 2016

Confirmed on Linux as well.

@not-an-aardvark
Copy link
Contributor

It's possible a00ccb0 is the cause, I'll bisect to verify.

@mscdex
Copy link
Contributor

mscdex commented Sep 17, 2016

I can confirm that reverting a00ccb0 fixes it.

/cc @mhdawson @addaleax @bnoordhuis

@mscdex
Copy link
Contributor

mscdex commented Sep 17, 2016

I think we may need to add a length check for every nullptr check, like what was done in ed640ae? It seems like there are many uses of node::Malloc() without that extra check.

@Trott
Copy link
Member

Trott commented Sep 17, 2016

I think we may need to add a length check for every nullptr check, like what was done in ed640ae?

Sure seems like that change set needs to be gone over to find nullptr checks that might be affected.

As far as the specific issue here, test case and proposed fix at #8572

@niieani
Copy link

niieani commented Sep 17, 2016

I'm also getting a crash when running tsc compilation (TypeScript) with 6.6.0. It works with 6.5.0. Not sure if it's the same error though.

@not-an-aardvark
Copy link
Contributor

not-an-aardvark commented Sep 17, 2016

@niieani, would you mind posting the stack trace of the tsc crash (assuming there is a stack trace)? This will help us triage the issue to figure out if it's the same one, or create a new fix if not.

@ghiscoding
Copy link

I can also confirm that reverting back to NodeJS v6.5 fixes the problem (running on Win10). I will stick with 6.5 until resolution.

@niieani
Copy link

niieani commented Sep 18, 2016

@not-an-aardvark No stack trace, unless I need to pass some parameter to force displaying it? tsc just ends abruptly without actually doing anything, while on 6.5.0 it works properly.

davidbanham added a commit to Prismatik/dendritic that referenced this issue Sep 18, 2016
@doomedramen
Copy link

Error reproduced on macOS Sierra with node v6.6.0.

@juicelink
Copy link

Same error on official node 6 docker image that reference 6.6.0 version since a few days. Switched to a custom image ( no 6.5 official image available)

@johanbrandhorst
Copy link

@juicelink You don't happen to have a public vanilla 6.5 image on docker hub we can all peruse until this blows over?

mscdex added a commit to mscdex/io.js that referenced this issue Sep 20, 2016
@juicelink
Copy link

juicelink/node image is the official one downgraded to 6.5.0

@niieani
Copy link

niieani commented Sep 21, 2016

Since this came up now, something like this might also happen in the future. May we ask the maintainers of the docker images to keep tagging minor versions, not only major ones? I.e. have both the :6 tag, for the latest Node 6 and :6.0, :6.1, etc. for minor ones.

@mormahr
Copy link

mormahr commented Sep 21, 2016

The Docker Library still has the old versions :)
So "FROM node:6.5" should work

Trott added a commit to Trott/io.js that referenced this issue Sep 21, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: nodejs#8571
@mofax
Copy link

mofax commented Sep 22, 2016

Just updated to v6.6.0 on ubuntu 16.04, and this showed up; everything crashed

@Trott Trott closed this as completed in d2eb7ce Sep 22, 2016
@Trott
Copy link
Member

Trott commented Sep 22, 2016

This is fixed in d2eb7ce. That should be in the next release in the Node.js version 6.x line (which will be either 6.6.1 or 6.7.0). I believe it will also be in the next Node.js version 7 beta which should be out next week. (First beta came out today.)

@pkese
Copy link

pkese commented Sep 23, 2016

I would assume, now that the bug is fixed, that a new version of nodejs would be pushed out with this fix applied ASAP, i.e. hopefully before next week.

Lots of people who followed the recommended install procedure from nodesource.com are now having this broken 6.6.0 version (.deb or .rpm) installed on their linux systems. It is a major pain to find workarounds (pinning old package versions or simply not updating their linux distros) just because of this bug.

@MylesBorins
Copy link
Contributor

@pkese unfortunately we do not do Friday releases for a number of reasons. There will be a security update coming out next Tuesday, and I believe we intent to ship the above fix as part of it.

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

MylesBorins pushed a commit that referenced this issue Sep 23, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: #8571
PR-URL: #8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@MylesBorins
Copy link
Contributor

I've gone ahead and backported this to v6.x-staging, this will help to make sure it isn't missed

MylesBorins pushed a commit that referenced this issue Sep 26, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: #8571
PR-URL: #8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
@MylesBorins
Copy link
Contributor

This was released with v6.7.0

jasnell pushed a commit that referenced this issue Sep 29, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: #8571
PR-URL: #8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
addaleax pushed a commit to addaleax/node that referenced this issue Nov 22, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: nodejs#8571
PR-URL: nodejs#8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
MylesBorins pushed a commit that referenced this issue Nov 22, 2016
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.

Fixes: #8571
PR-URL: #8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
tniessen added a commit to tniessen/node that referenced this issue Sep 6, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md.

Refs: nodejs#8571
Refs: nodejs#8572
tniessen added a commit to tniessen/node that referenced this issue Sep 6, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md.

Refs: nodejs#8571
Refs: nodejs#8572
tniessen added a commit to tniessen/node that referenced this issue Sep 6, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md.

Refs: nodejs#8571
Refs: nodejs#8572
tniessen added a commit to tniessen/node that referenced this issue Sep 8, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md as well as with multiple comments in the source code.

This changes UncheckedMalloc(), UncheckedCalloc(), and
UncheckedRealloc() to always return a nullptr when the size is 0 instead
of doing fake allocations in UncheckedMalloc() and UncheckedCalloc()
while returning a nullptr from UncheckedRealloc(). This is consistent
with existing documentation and comments.

Refs: nodejs#8571
Refs: nodejs#8572
nodejs-github-bot pushed a commit that referenced this issue Oct 5, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md as well as with multiple comments in the source code.

This changes UncheckedMalloc(), UncheckedCalloc(), and
UncheckedRealloc() to always return a nullptr when the size is 0 instead
of doing fake allocations in UncheckedMalloc() and UncheckedCalloc()
while returning a nullptr from UncheckedRealloc(). This is consistent
with existing documentation and comments.

Refs: #8571
Refs: #8572
PR-URL: #44543
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
danielleadams pushed a commit that referenced this issue Oct 11, 2022
Assuming that UncheckedMalloc(0) returns a non-nullptr is non-standard
and we use other allocators as well (e.g., OPENSSL_malloc) that do not
guarantee this behavior. It is the caller's responsibility to check that
size != 0 implies UncheckedMalloc(size) != nullptr, and that's exactly
what the checked variants (Malloc etc.) already do.

The current behavior is also inconsistent with UncheckedRealloc(), which
always returns a nullptr when the size is 0, and with the documentation
in src/README.md as well as with multiple comments in the source code.

This changes UncheckedMalloc(), UncheckedCalloc(), and
UncheckedRealloc() to always return a nullptr when the size is 0 instead
of doing fake allocations in UncheckedMalloc() and UncheckedCalloc()
while returning a nullptr from UncheckedRealloc(). This is consistent
with existing documentation and comments.

Refs: #8571
Refs: #8572
PR-URL: #44543
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
confirmed-bug Issues with confirmed bugs. crypto Issues and PRs related to the crypto subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.