From 7d7a9b473a75714eacc91392d45f0571612fd546 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Fri, 29 May 2020 23:39:39 +0200
Subject: [PATCH 1/2] src: perform bounds checking on error source line

Fixes: https://github.com/nodejs/node/issues/33578
---
 src/node_errors.cc | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/node_errors.cc b/src/node_errors.cc
index 22bc4d994b8859..3c75b27c4740e4 100644
--- a/src/node_errors.cc
+++ b/src/node_errors.cc
@@ -56,6 +56,7 @@ static std::string GetErrorSource(Isolate* isolate,
   MaybeLocal<String> source_line_maybe = message->GetSourceLine(context);
   node::Utf8Value encoded_source(isolate, source_line_maybe.ToLocalChecked());
   std::string sourceline(*encoded_source, encoded_source.length());
+  *added_exception_line = false;
 
   // If source maps have been enabled, the exception line will instead be
   // added in the JavaScript context:
@@ -63,12 +64,10 @@ static std::string GetErrorSource(Isolate* isolate,
   const bool has_source_map_url =
       !message->GetScriptOrigin().SourceMapUrl().IsEmpty();
   if (has_source_map_url && env->source_maps_enabled()) {
-    *added_exception_line = false;
     return sourceline;
   }
 
   if (sourceline.find("node-do-not-add-exception-line") != std::string::npos) {
-    *added_exception_line = false;
     return sourceline;
   }
 
@@ -116,6 +115,12 @@ static std::string GetErrorSource(Isolate* isolate,
                             sourceline.c_str());
   CHECK_GT(buf.size(), 0);
 
+  if (start >= end ||
+      start < 0 ||
+      static_cast<size_t>(end) > sourceline.size()) {
+    return buf;
+  }
+
   constexpr int kUnderlineBufsize = 1020;
   char underline_buf[kUnderlineBufsize + 4];
   int off = 0;

From e9e7286bf0b2c02ef797ee5847720d1eecfa9e94 Mon Sep 17 00:00:00 2001
From: Anna Henningsen <anna@addaleax.net>
Date: Sat, 30 May 2020 12:45:35 +0200
Subject: [PATCH 2/2] fixup! src: perform bounds checking on error source line

---
 src/node_errors.cc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/node_errors.cc b/src/node_errors.cc
index 3c75b27c4740e4..47699eca4d7390 100644
--- a/src/node_errors.cc
+++ b/src/node_errors.cc
@@ -114,8 +114,9 @@ static std::string GetErrorSource(Isolate* isolate,
                             linenum,
                             sourceline.c_str());
   CHECK_GT(buf.size(), 0);
+  *added_exception_line = true;
 
-  if (start >= end ||
+  if (start > end ||
       start < 0 ||
       static_cast<size_t>(end) > sourceline.size()) {
     return buf;
@@ -142,7 +143,6 @@ static std::string GetErrorSource(Isolate* isolate,
   CHECK_LE(off, kUnderlineBufsize);
   underline_buf[off++] = '\n';
 
-  *added_exception_line = true;
   return buf + std::string(underline_buf, off);
 }