
lib: fix max size check in Buffer constructor #657

Merged (1 commit) on Jan 31, 2015

Conversation

bnoordhuis (Member)

A logic error let buffer sizes larger than kMaxLength (0x3fffffff) slip
through. The .toString() operation (and possibly others as well) then
blew up because the buffer was larger than it could reasonably handle.

Fixes the following run-time assert:

#
# Fatal error in ../deps/v8/src/handles.h, line 48
# CHECK(location_ != NULL) failed
#

==== C stack trace ===============================

 1: V8_Fatal
 2: v8::String::NewFromUtf8(v8::Isolate*, char const*, v8::String::NewStringType, int)
 3: node::StringBytes::Encode(v8::Isolate*, char const*, unsigned long, node::encoding)
 4: node::Buffer::Utf8Slice(v8::FunctionCallbackInfo<v8::Value> const&)
 5: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&))
 6: ??
 7: ??

Fixes: #649

R=@trevnorris?

@bnoordhuis (Member, Author)

The commit log is admittedly a little weak. The failing CHECK is related to but not exclusively caused by the bad length check in lib/buffer.js.

@trevnorris (Contributor)

LGTM

A number -> uint32 type coercion bug made buffer sizes
larger than kMaxLength (0x3fffffff) wrap around.

Instead of rejecting the requested size with an exception,
the constructor created a buffer with the wrong size.

PR-URL: nodejs#657
Reviewed-By: Trevor Norris <[email protected]>
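Added example, not code from this PR or from lib/buffer.js: a simplified model of the bug class the commit message describes (number -> uint32 coercion applied before the size check, so a request above 2**32 wraps to a small value and slips past the kMaxLength check) next to the corrected order, where the caller's number is validated before any coercion. kMaxLength is the value quoted in the PR; the function names and the exact shape of the buggy check are assumptions for illustration.

```javascript
// Added example: simplified model of "coerce first, then check" versus
// "check first, then coerce". Not the actual lib/buffer.js code.
const kMaxLength = 0x3fffffff; // value quoted in the PR

// Assumed buggy order: coerce to uint32, then range-check the result.
// `>>> 0` reduces the value modulo 2**32, so 2**32 + 16 becomes 16,
// the check passes, and a 16-byte buffer is created for a huge request.
// NaN also silently becomes 0 instead of being rejected.
function checkedLengthBuggy(size) {
  const len = size >>> 0;
  if (len > kMaxLength) {
    throw new RangeError('size exceeds kMaxLength');
  }
  return len;
}

// Corrected order: validate the caller's number before any coercion,
// so nothing can wrap around past the check.
function checkedLengthFixed(size) {
  if (typeof size !== 'number' || !Number.isFinite(size)) {
    throw new TypeError('size must be a finite number');
  }
  if (size < 0 || size > kMaxLength) {
    throw new RangeError('size must be between 0 and kMaxLength');
  }
  // size is now known to fit in a uint32, so truncation is safe here
  return size >>> 0;
}

// Report whether a validator threw (and which error) or what it returned.
function tryLength(validator, size) {
  try {
    return { ok: true, length: validator(size) };
  } catch (e) {
    return { ok: false, error: e.constructor.name };
  }
}

// Compare both validators on a handful of constructed request sizes.
function compare() {
  const sizes = [1024, kMaxLength, kMaxLength + 1, 2 ** 32 + 16, -1, NaN];
  return sizes.map((size) => ({
    size,
    buggy: tryLength(checkedLengthBuggy, size),
    fixed: tryLength(checkedLengthFixed, size),
  }));
}

for (const row of compare()) {
  console.log(
    `size=${row.size}: buggy -> ${JSON.stringify(row.buggy)}, ` +
      `fixed -> ${JSON.stringify(row.fixed)}`
  );
}
```

The row for 2 ** 32 + 16 is the one that matters: the buggy validator returns 16 and the fixed one throws a RangeError. Sizes between kMaxLength and 2**32 are caught by both, which is why a test that only probes just above kMaxLength would not have found this.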
@bnoordhuis bnoordhuis merged commit 0767c2f into nodejs:v1.x Jan 31, 2015
@bnoordhuis bnoordhuis deleted the fix-issue-649 branch January 31, 2015 09:15
feross added a commit to feross/buffer that referenced this pull request Feb 10, 2015
trevnorris pushed a commit to nodejs/node-v0.x-archive that referenced this pull request Feb 10, 2015
A number -> uint32 type coercion bug made buffer sizes
larger than kMaxLength (0x3fffffff) wrap around.

Instead of rejecting the requested size with an exception,
the constructor created a buffer with the wrong size.

PR-URL: nodejs/node#657
Reviewed-By: Trevor Norris <[email protected]>
itu2n1i8w added a commit to itu2n1i8w/buffer that referenced this pull request Aug 5, 2024