1berry/nodejs
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

src: fix validation of negative offset to avoid abort

Browse Source 
Fixes: https://github.com/nodejs/node/issues/24640
Signed-off-by: James M Snell <jasnell@gmail.com>

PR-URL: https://github.com/nodejs/node/pull/38421
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Nitzan Uziely <linkgoron@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
This commit is contained in:
James M Snell 2021-04-26 10:58:41 -07:00
parent 896e5af1fd
commit 4af15df013
No known key found for this signature in database
GPG Key ID: 7341B15C070877AC
5 changed files with 65 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/fs.js
View File

@ -630,7 +630,7 @@ function read(fd, buffer, offset, length, position, callback) {
if (offset == null) { if (offset == null) {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
length |= 0; length |= 0;
@ -694,7 +694,7 @@ function readSync(fd, buffer, offset, length, position) {
if (offset == null) { if (offset == null) {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
length |= 0; length |= 0;
@ -806,7 +806,7 @@ function write(fd, buffer, offset, length, position, callback) {
if (offset == null || typeof offset === 'function') { if (offset == null || typeof offset === 'function') {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
if (typeof length !== 'number') if (typeof length !== 'number')
length = buffer.byteLength - offset; length = buffer.byteLength - offset;
@ -863,7 +863,7 @@ function writeSync(fd, buffer, offset, length, position) {
if (offset == null) { if (offset == null) {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
if (typeof length !== 'number') if (typeof length !== 'number')
length = buffer.byteLength - offset; length = buffer.byteLength - offset;

4
lib/internal/fs/promises.js
View File

@ -432,7 +432,7 @@ async function read(handle, bufferOrOptions, offset, length, position) {
if (offset == null) { if (offset == null) {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
length |= 0; length |= 0;
@ -475,7 +475,7 @@ async function write(handle, buffer, offset, length, position) {
if (offset == null) { if (offset == null) {
offset = 0; offset = 0;
} else { } else {
validateInteger(offset, 'offset'); validateInteger(offset, 'offset', 0);
} }
if (typeof length !== 'number') if (typeof length !== 'number')
length = buffer.byteLength - offset; length = buffer.byteLength - offset;

4
lib/internal/fs/utils.js
View File

@ -655,6 +655,10 @@ const validateOffsetLengthWrite = hideStackFrames(
if (length > byteLength - offset) { if (length > byteLength - offset) {
throw new ERR_OUT_OF_RANGE('length', `<= ${byteLength - offset}`, length); throw new ERR_OUT_OF_RANGE('length', `<= ${byteLength - offset}`, length);
} }
if (length < 0) {
throw new ERR_OUT_OF_RANGE('length', '>= 0', length);
}
} }
); );

4
test/parallel/test-fs-read-type.js
View File

@ -44,8 +44,6 @@ assert.throws(() => {
}, { }, {
code: 'ERR_OUT_OF_RANGE', code: 'ERR_OUT_OF_RANGE',
name: 'RangeError', name: 'RangeError',
message: 'The value of "offset" is out of range. It must be >= 0. ' +
'Received -1'
}); });
assert.throws(() => { assert.throws(() => {
@ -157,8 +155,6 @@ assert.throws(() => {
}, { }, {
code: 'ERR_OUT_OF_RANGE', code: 'ERR_OUT_OF_RANGE',
name: 'RangeError', name: 'RangeError',
message: 'The value of "offset" is out of range. ' +
'It must be >= 0. Received -1'
}); });
assert.throws(() => { assert.throws(() => {

55
test/parallel/test-fs-write-negativeoffset.js Normal file
View File

@ -0,0 +1,55 @@
'use strict';
// Tests that passing a negative offset does not crash the process
const common = require('../common');
const {
join,
} = require('path');
const {
closeSync,
open,
write,
writeSync,
} = require('fs');
const assert = require('assert');
const tmpdir = require('../common/tmpdir');
tmpdir.refresh();
const filename = join(tmpdir.path, 'test.txt');
open(filename, 'w+', common.mustSucceed((fd) => {
assert.throws(() => {
write(fd, Buffer.alloc(0), -1, common.mustNotCall());
}, {
code: 'ERR_OUT_OF_RANGE',
});
assert.throws(() => {
writeSync(fd, Buffer.alloc(0), -1);
}, {
code: 'ERR_OUT_OF_RANGE',
});
closeSync(fd);
}));
const filename2 = join(tmpdir.path, 'test2.txt');
// Make sure negative length's don't cause aborts either
open(filename2, 'w+', common.mustSucceed((fd) => {
assert.throws(() => {
write(fd, Buffer.alloc(0), 0, -1, common.mustNotCall());
}, {
code: 'ERR_OUT_OF_RANGE',
});
assert.throws(() => {
writeSync(fd, Buffer.alloc(0), 0, -1);
}, {
code: 'ERR_OUT_OF_RANGE',
});
closeSync(fd);
}));