-
Notifications
You must be signed in to change notification settings - Fork 30.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(v6.x backport) zlib: fix node crashing on invalid options #13201
Conversation
This is a partial backport of semver-patch bits of 9e4660b. This commit fixes the Node process crashing when constructors of classes of the zlib module are given invalid options. * Throw an Error when the zlib library rejects the value of windowBits, instead of crashing with an assertion. * Treat windowBits and memLevel options consistently with other ones and don't crash when non-numeric values are given. Refs: nodejs#13098
ctx->dictionary_ = reinterpret_cast<Bytef *>(dictionary); | ||
ctx->dictionary_len_ = dictionary_len; | ||
|
||
ctx->write_in_progress_ = false; | ||
ctx->init_done_ = true; | ||
|
||
if (ctx->err_ != Z_OK) { | ||
if (dictionary != nullptr) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fwiw, you don't need the conditional, the following two lines of code can run correctly whether dictionary is nullptr or not.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh, nice. Thanks.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM % small nits
lib/zlib.js
Outdated
var memLevel = exports.Z_DEFAULT_MEMLEVEL; | ||
if (typeof opts.memLevel === 'number') memLevel = opts.memLevel; | ||
|
||
this._handle.init(windowBits || exports.Z_DEFAULT_WINDOWBITS, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If your changing this line anyway, IMHO handle the fallback in 383 (opts.windowBits && typeof...
)
lib/zlib.js
Outdated
level, | ||
opts.memLevel || exports.Z_DEFAULT_MEMLEVEL, | ||
memLevel || exports.Z_DEFAULT_MEMLEVEL, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ditto
|
||
// For raw deflate encoding, requests for 256-byte windows are rejected as | ||
// invalid by zlib. | ||
// (http://zlib.net/manual.html#Advanced) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
change to:
Ref: http://zlib.net/manual.html#Advanced
Dismissed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a good idea to change this one since that's how it is already committed to master.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ack.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Win! 💯
(appreciated all the branch juggling you did for that)
This can land once we do the next v6.x release |
This is a partial backport of semver-patch bits of 9e4660b. This commit fixes the Node process crashing when constructors of classes of the zlib module are given invalid options. * Throw an Error when the zlib library rejects the value of windowBits, instead of crashing with an assertion. * Treat windowBits and memLevel options consistently with other ones and don't crash when non-numeric values are given. PR-URL: nodejs#13098 Backport-PR-URL: nodejs#13201 Fixes: nodejs#13082 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Landed in 321c90f |
This is a partial backport of semver-patch bits of 9e4660b. This commit fixes the Node process crashing when constructors of classes of the zlib module are given invalid options. * Throw an Error when the zlib library rejects the value of windowBits, instead of crashing with an assertion. * Treat windowBits and memLevel options consistently with other ones and don't crash when non-numeric values are given. PR-URL: #13098 Backport-PR-URL: #13201 Fixes: #13082 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This is a partial backport of semver-patch bits of 9e4660b. This commit fixes the Node process crashing when constructors of classes of the zlib module are given invalid options. * Throw an Error when the zlib library rejects the value of windowBits, instead of crashing with an assertion. * Treat windowBits and memLevel options consistently with other ones and don't crash when non-numeric values are given. PR-URL: #13098 Backport-PR-URL: #13201 Fixes: #13082 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
This should probably be released together with #14666 |
This is a partial backport of semver-patch bits of 9e4660b.
This commit fixes the Node process crashing when constructors of classes
of the zlib module are given invalid options.
Throw an Error when the zlib library rejects the value of windowBits,
instead of crashing with an assertion.
Treat windowBits and memLevel options consistently with other ones and
don't crash when non-numeric values are given.
Refs: #13098
Checklist
make -j4 test
(UNIX), orvcbuild test
(Windows) passesAffected core subsystem(s)
zlib