Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport «buffer: ignore negative allocation lengths» to v5.x #7221

Merged
merged 1 commit into from
Jun 17, 2016
Merged

Backport «buffer: ignore negative allocation lengths» to v5.x #7221

merged 1 commit into from
Jun 17, 2016
+13 −2

Conversation

ChALkeR
Copy link
Member

@ChALkeR ChALkeR commented Jun 8, 2016
edited
Loading

This backports #7051 (by @addaleax) to v5.x.
It landed cleanly and is straightforward fix for #7047.

I originally included this in #7169 backport, but that one is semver-minor, and I'm not exactly sure if the next 5.x release will be a semver-minor, but I definitely want this to make it into the next 5.x release.

/cc @jasnell, you already reviewed this backport in #7169, but could you also leave a comment here?
Also /cc @thealphanerd

@nodejs-github-bot nodejs-github-bot added the buffer Issues and PRs related to the buffer subsystem. label Jun 8, 2016
@ChALkeR ChALkeR added the v5.x label Jun 8, 2016
trevnorris
trevnorris reviewed Jun 13, 2016
View reviewed changes
test/parallel/test-buffer.js
@@ -1438,3 +1438,14 @@ assert.equal(Buffer.prototype.parent, undefined);
assert.equal(Buffer.prototype.offset, undefined);
assert.equal(SlowBuffer.prototype.parent, undefined);
assert.equal(SlowBuffer.prototype.offset, undefined);

{
// Test that large negative Buffer length inputs don't affect the pool offset.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just curious, why have we started blocking when no block-scope variables are being used?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@trevnorris Someone suggested it to make sure that the last call in the block here wouldn’t be accidentally moved around in the file/away from the preceding calls that made it fail

Copy link
Member Author

@ChALkeR ChALkeR Jun 13, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was @Fishrock123 in #7051 (comment).

@trevnorris
Copy link
Contributor

LGTM.

@MylesBorins
Copy link
Contributor

ci: https://ci.nodejs.org/job/node-test-pull-request/3006/

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 17, 2016

This was also reviewed by @jasnell as a part of #7169.

@addaleax @ChALkeR
buffer: ignore negative allocation lengths
27785ae 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
PR-URL: nodejs#7221
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
@ChALkeR ChALkeR merged commit 27785ae into nodejs:v5.x Jun 17, 2016
@ChALkeR ChALkeR mentioned this pull request Jun 17, 2016
Merged
ChALkeR pushed a commit to ChALkeR/io.js that referenced this pull request Jun 19, 2016
@addaleax @ChALkeR
buffer: ignore negative allocation lengths
f17b3e2 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
PR-URL: nodejs#7221
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
evanlucas added a commit that referenced this pull request Jun 23, 2016
@evanlucas
2016-06-23, Version 5.12.0 (Stable)
6a94383 
Notable changes:

This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases
for details on patched vulnerabilities.

* **buffer**
  * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](#7169)
  * ignore negative allocation lengths (Anna Henningsen) [#7221](#7221)
* **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40)
  * Fixes a Buffer overflow vulnerability discovered in v8. More details
    can be found in the CVE (CVE-2016-1699).

PR-URL: https://github.com/nodejs/node-private/pull/51
ChALkeR pushed a commit to ChALkeR/io.js that referenced this pull request Jul 8, 2016
@addaleax @ChALkeR
buffer: ignore negative allocation lengths
18b5ef9 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: nodejs#7047

Refs: nodejs#7051
Refs: nodejs#7221
Refs: nodejs#7475
PR-URL: nodejs#7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 8, 2016
@addaleax
buffer: ignore negative allocation lengths
9ef71ab 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 11, 2016
@addaleax
buffer: ignore negative allocation lengths
ee2f08f 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 12, 2016
@addaleax
buffer: ignore negative allocation lengths
022439c 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
@addaleax
buffer: ignore negative allocation lengths
725c8c4 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
MylesBorins pushed a commit that referenced this pull request Jul 14, 2016
@addaleax
buffer: ignore negative allocation lengths
200429e 
Treat negative length arguments to `Buffer()`/`allocUnsafe()`
as if they were zero so the allocation does not affect the
pool’s offset.

Fixes: #7047

Refs: #7051
Refs: #7221
Refs: #7475
PR-URL: #7562
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Nikolai Vavilov <vvnicholas@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
buffer Issues and PRs related to the buffer subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@ChALkeR @trevnorris @MylesBorins @addaleax @nodejs-github-bot