fs: don't segfault on deeply recursive stat()
Check that the calls to Integer::New() and Date::New() succeed and bail out if they don't. V8 returns an empty handle on stack overflow. Trying to set the empty handle as a property on an object results in a NULL pointer dereference in release builds and an assert in debug builds. Fixes #4015.
This commit is contained in:
Ben Noordhuis
parent
1d52968d1d
commit
07804c7c9a
@ -301,46 +301,49 @@ Local<Object> BuildStatsObject(const uv_statbuf_t* s) {
|
||||
Local<Object> stats =
|
||||
stats_constructor_template->GetFunction()->NewInstance();
|
||||
|
||||
/* ID of device containing file */
|
||||
stats->Set(dev_symbol, Integer::New(s->st_dev));
|
||||
if (stats.IsEmpty()) return Local<Object>();
|
||||
|
||||
/* inode number */
|
||||
stats->Set(ino_symbol, Integer::New(s->st_ino));
|
||||
// The code below is very nasty-looking but it prevents a segmentation fault
|
||||
// when people run JS code like the snippet below. It's apparently more
|
||||
// common than you would expect, several people have reported this crash...
|
||||
//
|
||||
// function crash() {
|
||||
// fs.statSync('.');
|
||||
// crash();
|
||||
// }
|
||||
//
|
||||
// We need to check the return value of Integer::New() and Date::New()
|
||||
// and make sure that we bail out when V8 returns an empty handle.
|
||||
#define X(name) \
|
||||
{ \
|
||||
Local<Value> val = Integer::New(s->st_##name); \
|
||||
if (val.IsEmpty()) return Local<Object>(); \
|
||||
stats->Set(name##_symbol, val); \
|
||||
}
|
||||
X(dev)
|
||||
X(ino)
|
||||
X(mode)
|
||||
X(nlink)
|
||||
X(uid)
|
||||
X(gid)
|
||||
X(rdev)
|
||||
X(size)
|
||||
# if defined(__POSIX__)
|
||||
X(blksize)
|
||||
X(blocks)
|
||||
# endif
|
||||
#undef X
|
||||
|
||||
/* protection */
|
||||
stats->Set(mode_symbol, Integer::New(s->st_mode));
|
||||
|
||||
/* number of hard links */
|
||||
stats->Set(nlink_symbol, Integer::New(s->st_nlink));
|
||||
|
||||
/* user ID of owner */
|
||||
stats->Set(uid_symbol, Integer::New(s->st_uid));
|
||||
|
||||
/* group ID of owner */
|
||||
stats->Set(gid_symbol, Integer::New(s->st_gid));
|
||||
|
||||
/* device ID (if special file) */
|
||||
stats->Set(rdev_symbol, Integer::New(s->st_rdev));
|
||||
|
||||
/* total size, in bytes */
|
||||
stats->Set(size_symbol, Number::New(s->st_size));
|
||||
|
||||
#ifdef __POSIX__
|
||||
/* blocksize for filesystem I/O */
|
||||
stats->Set(blksize_symbol, Integer::New(s->st_blksize));
|
||||
|
||||
/* number of blocks allocated */
|
||||
stats->Set(blocks_symbol, Integer::New(s->st_blocks));
|
||||
#endif
|
||||
|
||||
/* time of last access */
|
||||
stats->Set(atime_symbol, NODE_UNIXTIME_V8(s->st_atime));
|
||||
|
||||
/* time of last modification */
|
||||
stats->Set(mtime_symbol, NODE_UNIXTIME_V8(s->st_mtime));
|
||||
|
||||
/* time of last status change */
|
||||
stats->Set(ctime_symbol, NODE_UNIXTIME_V8(s->st_ctime));
|
||||
#define X(name) \
|
||||
{ \
|
||||
Local<Value> val = NODE_UNIXTIME_V8(s->st_##name); \
|
||||
if (val.IsEmpty()) return Local<Object>(); \
|
||||
stats->Set(name##_symbol, val); \
|
||||
}
|
||||
X(atime)
|
||||
X(mtime)
|
||||
X(ctime)
|
||||
#undef X
|
||||
|
||||
return scope.Close(stats);
|
||||
}
|
||||
|
||||
7
test/fixtures/test-regress-GH-4015.js
vendored
Normal file
7
test/fixtures/test-regress-GH-4015.js
vendored
Normal file
@ -0,0 +1,7 @@
|
||||
var fs = require('fs');
|
||||
|
||||
function load() {
|
||||
fs.statSync('.');
|
||||
load();
|
||||
}
|
||||
load();
|
||||
33
test/simple/test-regress-GH-4015.js
Normal file
33
test/simple/test-regress-GH-4015.js
Normal file
@ -0,0 +1,33 @@
|
||||
// Copyright Joyent, Inc. and other Node contributors.
|
||||
//
|
||||
// Permission is hereby granted, free of charge, to any person obtaining a
|
||||
// copy of this software and associated documentation files (the
|
||||
// "Software"), to deal in the Software without restriction, including
|
||||
// without limitation the rights to use, copy, modify, merge, publish,
|
||||
// distribute, sublicense, and/or sell copies of the Software, and to permit
|
||||
// persons to whom the Software is furnished to do so, subject to the
|
||||
// following conditions:
|
||||
//
|
||||
// The above copyright notice and this permission notice shall be included
|
||||
// in all copies or substantial portions of the Software.
|
||||
//
|
||||
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
|
||||
// OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
||||
// NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
||||
// DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
||||
// OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
||||
// USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
var common = require('../common');
|
||||
var assert = require('assert');
|
||||
var exec = require('child_process').exec;
|
||||
|
||||
var cmd = process.execPath
|
||||
+ ' '
|
||||
+ common.fixturesDir
|
||||
+ '/test-regress-GH-4015.js';
|
||||
|
||||
exec(cmd, function(err, stdout, stderr) {
|
||||
assert(/RangeError: Maximum call stack size exceeded/.test(stderr));
|
||||
});
|
||||
Loading…
x
Reference in New Issue
Block a user