Using the JavaScript Hash class is unsafe because its internals can be
tampered with. In particular, an application can cause
Hash.prototype.digest() to return arbitrary values, thus allowing it to
circumvent the integrity verification that policies are supposed to
guarantee.
Add and use a new C++ binding internalVerifyIntegrity() that (hopefully)
cannot be tampered with from JavaScript.
PR-URL: https://github.com/nodejs-private/node-private/pull/462
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
CVE-ID: CVE-2023-38552
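The failure mode described in this commit message, as an added example that is not code from the Node.js repository: an integrity check that looks up `digest()` on a mutable prototype accepts modified content once that method is replaced, while a check that captured its references beforehand does not. `Hash` here is a constructed FNV-1a stand-in (not `crypto.Hash`, not cryptographic), and all function names are hypothetical; reference capture is a JavaScript-level contrast, whereas the commit itself moves the check into a C++ binding.

```javascript
// Constructed stand-in for a JS-visible hash class (FNV-1a, NOT cryptographic).
class Hash {
  constructor() { this.state = 0x811c9dc5; }
  update(text) {
    for (let i = 0; i < text.length; i++) {
      this.state ^= text.charCodeAt(i);
      this.state = Math.imul(this.state, 0x01000193) >>> 0;
    }
    return this;
  }
  digest() { return this.state.toString(16).padStart(8, '0'); }
}

// References captured before any application code runs (hypothetical names).
const HashCtor = Hash;
const capturedUpdate = Hash.prototype.update;
const capturedDigest = Hash.prototype.digest;
const apply = Reflect.apply;

// Weak form: resolves update()/digest() through the live prototype at call time.
function verifyIntegrityNaive(content, expected) {
  return new Hash().update(content).digest() === expected;
}

// Stronger form: only calls the captured functions. Every built-in it touches
// (here also String.prototype.charCodeAt) would need the same treatment,
// which is why moving the whole check out of JavaScript is more robust.
function verifyIntegrityCaptured(content, expected) {
  const h = new HashCtor();
  apply(capturedUpdate, h, [content]);
  return apply(capturedDigest, h, []) === expected;
}

// Test helper: replaces digest() the way the commit message describes and
// returns a function that restores the original.
function simulateTampering(forged) {
  const original = Hash.prototype.digest;
  Hash.prototype.digest = function () { return forged; };
  return () => { Hash.prototype.digest = original; };
}

function demo() {
  const expected = new Hash().update('module.exports = 1;').digest();
  const modified = 'module.exports = 2;'; // content that must be rejected
  const check = () => ({ naive: verifyIntegrityNaive(modified, expected),
                         captured: verifyIntegrityCaptured(modified, expected) });
  const before = check();
  const restore = simulateTampering(expected);
  const after = check();
  restore();
  return { before, after };
}
```
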
- add CHECK around SocketAddress::New like we have in other
places as suggested by Coverity scan
Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/49865
Reviewed-By: Tobias Nießen <tniessen@tnie.de>
- add check for case when trying to provide
a better Exception fails
- the code was modified to avoid a CHECK_EQ in all
cases in https://github.com/nodejs/node/pull/31076,
however, I believe that if we fail to create the exception
to throw instead of simply returning using a CHECK makes
more sense. I think it should also address the coverity
warning about not initializing in the constructor.
Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/49866
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
ShadowRealm garbage-collection is covered in another test. Reduce the
number of repetitions in test-heapdump-shadowrealm.js trying to fix the
flakiness of the test.
PR-URL: https://github.com/nodejs/node/pull/50104
Refs: https://github.com/nodejs/node/issues/49572
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This test was flaky on Windows when trying to clean up the
tmp directory, probably because it relied on child processes
timing out and being killed.
This commit updates the test to check for debug output
from the test runner. This should be adequate because the
original change was effectively:
    let concurrency = getOptionValue('--test-concurrency') || true;
The test runner now logs the value of the concurrency variable.
Fixes: https://github.com/nodejs/node/issues/50101
PR-URL: https://github.com/nodejs/node/pull/50108
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
This commit adds a 'flush' option to the createWriteStream()
family of functions.
Refs: https://github.com/nodejs/node/issues/49886
PR-URL: https://github.com/nodejs/node/pull/50093
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
JSTransferable wrapper object is a short-lived wrapper in the scope of
the serialization or the deserialization. Make the JSTransferable
wrapper object pointer as a strongly-referenced detached BaseObjectPtr
so that a JSTransferable wrapper object and its target object will never
be garbage-collected during a ser-des process, and the wrapper object
will be immediately destroyed when the process is completed.
PR-URL: https://github.com/nodejs/node/pull/50026
Fixes: https://github.com/nodejs/node/issues/49852
Fixes: https://github.com/nodejs/node/issues/49844
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Syntax errors from `JSON.parse` contain more information and
can now be printed on two lines if they are long.
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
`--no-harmony-sharedarraybuffer` was removed from V8 but it's still
possible to disable the feature with
`--enable-sharedarraybuffer-per-context`.
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Accept a new `step` break message.
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:
fix: EmbeddedTargetOs on IBM i with Python 3.9
For some context, Python 3.9 on IBM i returns "os400" for sys.platform
instead of "aix". We used to build with Python 3.6 which returned "aix"
as the platform.
When attempting to build Node.js with python 3.9 on IBM i we run into a
build error.
Ref: https://github.com/nodejs/node/pull/48056
Ref: https://github.com/nodejs/node/pull/48056#issuecomment-1553719508
I'm not quite sure where target_os is being passed down to the function ToEmbeddedTargetOs.
It seems as though target_os is being generated from sys.platform or
similar call from python as we started running into this issue after
building with Python 3.9.
This PR supersedes initial changes proposed in:
https://chromium-review.googlesource.com/c/v8/v8/+/4259330
This PR contains the minimal changes to successfully build Node.js (builds v8 as an internal dep)
on IBM i with Python 3.9.
Change-Id: I32d43197bce994a72a0d85091e91f80eeea4482d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4846413
Commit-Queue: Jakob Linke <jgruber@chromium.org>
Reviewed-by: Michael Achenbach <machenbach@chromium.org>
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Cr-Commit-Position: refs/heads/main@{#89981}
Refs: 8ec2651fbd
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:
Ignore flags implied by --predictable during hash computation
https://chromium-review.googlesource.com/c/v8/v8/+/4681766 added
code to ignore --predictable during hash computation of flags
in order to produce reproducible code cache. This turns out to
be not enough since the flags implied by --predictable also
need to be ignored for it to work. This patch makes sure that
they are ignored.
Change-Id: Ifa36641efe3ca105706fd293be46fc974055d2d4
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4851287
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Leszek Swirski <leszeks@chromium.org>
Reviewed-by: Patrick Thier <pthier@chromium.org>
Cr-Commit-Position: refs/heads/main@{#90022}
Refs: de9a5de227
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:
Fix for no member named 'init_jmpbuf' on AIX
In AIX, the system header file usr/include/sys/context.h file has jmpbuf redefined as __jmpbuf which is creating the problem here.
Change-Id: I4393e260092016315ac7559465684e3fdbba4900
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4868434
Reviewed-by: Jakob Linke <jgruber@chromium.org>
Commit-Queue: Milad Farazmand <mfarazma@redhat.com>
Cr-Commit-Position: refs/heads/main@{#90087}
Refs: b5b5d6c31b
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:
Reland "[api] allow v8::Data as internal field"
This is a reland of commit 0aa622e12893e9921c01a34ce9507b544e599c4a
The original patch tried to run a test that calls exit() in the
fatal error handler in parallel, which would not work. This marked
the test with TEST() to avoid running it in parallel.
Original change's description:
> [api] allow v8::Data as internal field
>
> Previously only v8::Value can be stored as internal fields.
> In some cases, however, it's necessary for the embedder to
> tie the lifetime of a v8::Data with the lifetime of a
> JS object, and that v8::Data may not be a v8::Value, as
> it can be something returned from the V8 API. One way to
> keep the v8::Data alive may be to use a v8::Persistent<v8::Data>
> but that can easily lead to leaks.
>
> This patch changes v8::Object::GetInternalField() and
> v8::Object::SetInternalField() to accept v8::Data instead of just
> v8::Value, so that v8::Data can be kept alive by a JS object in
> a way that the GC can be aware of to address this problem.
> This is a breaking change for embedders
> using v8::Object::GetInternalField() as it changes the return
> type. Since most v8::Value subtypes only support direct casts
> from v8::Value but not v8::Data, calls like
>
> object->GetInternalField(index).As<v8::External>()
>
> need to be updated to cast the value to v8::Value first:
>
> object->GetInternalField(index).As<v8::Value>().As<v8::External>()
>
> Bug: v8:14120
> Change-Id: I731c958d1756b9d5ee4a3e78813416cd60d1b7ca
> Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4707972
> Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
> Commit-Queue: Joyee Cheung <joyee@igalia.com>
> Cr-Commit-Position: refs/heads/main@{#89718}
Bug: v8:14120
Change-Id: I3e45d09b5c300d5eefc73e380ef21ac2bd61760c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4834471
Commit-Queue: Joyee Cheung <joyee@igalia.com>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/main@{#89824}
Refs: 93b1a74cbc
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Original commit message:
Fix build issue, remove unneeded include uchar.h.
Follow the conversation on:
https://groups.google.com/g/v8-dev/c/nsbshwlmP3c.
The `uchar.h` include is not necessary.
It was added to get the definition of char16_t but that's an intrinsic
type in C++.
Change-Id: I0aaa11dba0be3ccad15b9e421f8bae71450d443b
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/4823404
Reviewed-by: Omer Katz <omerkatz@chromium.org>
Commit-Queue: Eric Leese <leese@chromium.org>
Reviewed-by: Eric Leese <leese@chromium.org>
Cr-Commit-Position: refs/heads/main@{#89787}
Refs: 1a3ecc2483
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
We are not ready to compile with C++20 support yet.
This is only a DCHECK that can be removed without affecting the behavior
of release builds.
PR-URL: https://github.com/nodejs/node/pull/49639
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>