delta/node-new.git/src/node_buffer.cc, branch v4.x github.com: nodejs/node.git buffer: ensure zero-fill for Buffer.alloc(size,'') 2018-06-20T14:56:21+00:00 Сковорода Никита Андреевич chalkerx@gmail.com 2018-04-24T04:03:19+00:00 9e5fe8eebd31c3998702f3b174058b6cd3154970 This is applicable to v4.x only. Native Fill method is called from Buffer.alloc and from Buffer#fill, the second one is not affected by this, as Buffer#fill only calls the native method on either numbers as the second argument or non-zero-length strings. Fixes: https://github.com/nodejs-private/security/issues/192 PR-URL: https://github.com/nodejs-private/node-private/pull/118 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Evan Lucas <evanlucas@me.com> Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com> Reviewed-By: Timothy Gu <timothygu99@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> 
This is applicable to v4.x only.

Native Fill method is called from Buffer.alloc and from Buffer#fill,
the second one is not affected by this, as Buffer#fill only calls the
native method on either numbers as the second argument or
non-zero-length strings.

Fixes: https://github.com/nodejs-private/security/issues/192
PR-URL: https://github.com/nodejs-private/node-private/pull/118
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Evan Lucas <evanlucas@me.com>
Reviewed-By: Vladimir de Turckheim <vlad2t@hotmail.com>
Reviewed-By: Timothy Gu <timothygu99@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
src: normalize malloc, realloc 2016-11-22T07:59:01+00:00 Michael Dawson michael_dawson@ca.ibm.com 2016-09-01T22:14:02+00:00 51e09d00c429a04cc2f58e1ea0ae94f7ca3e3736 malloc(0) and realloc(ptr, 0) have implementation-defined behavior in that the standard allows them to either return a unique pointer or a nullptr for zero-sized allocation requests. Normalize by always using a nullptr. - Introduce node::malloc, node::realloc and node::calloc that should be used throught our source. - Update all existing node source files to use the new functions instead of the native allocation functions. Fixes: https://github.com/nodejs/node/issues/7549 PR-URL: https://github.com/nodejs/node/pull/7564 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Anna Henningsen <anna@addaleax.net> 
malloc(0) and realloc(ptr, 0) have implementation-defined behavior in
that the standard allows them to either return a unique pointer or a
nullptr for zero-sized allocation requests.  Normalize by always using
a nullptr.

- Introduce node::malloc, node::realloc and node::calloc that should
  be used throught our source.
- Update all existing node source files to use the new functions
  instead of the native allocation functions.

Fixes: https://github.com/nodejs/node/issues/7549
PR-URL: https://github.com/nodejs/node/pull/7564
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
src: suppress coverity message 2016-10-26T18:09:27+00:00 cjihrig cjihrig@gmail.com 2016-07-07T15:18:32+00:00 72be320962ba7ea6090ca98e99b6f1811a3c95b4 Coverity marked a change in 630096b as a constant expression. However, on platforms where sizeof(int64_t) > sizeof(size_t), this should not be the case. This commit flags the comparison as OK to coverity. PR-URL: https://github.com/nodejs/node/pull/7587 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com> 
Coverity marked a change in 630096b as a constant expression.
However, on platforms where sizeof(int64_t) > sizeof(size_t),
this should not be the case. This commit flags the comparison
as OK to coverity.

PR-URL: https://github.com/nodejs/node/pull/7587
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
src: guard against overflow in ParseArrayIndex() 2016-10-26T18:09:27+00:00 Ben Noordhuis info@bnoordhuis.nl 2016-06-30T09:51:17+00:00 6ba3ad5d34f91c106275bd3990a58f8e431d13fb ParseArrayIndex() would wrap around large (>=2^32) index values on platforms where sizeof(int64_t) > sizeof(size_t). Ensure that the return value fits in a size_t. PR-URL: https://github.com/nodejs/node/pull/7497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 
ParseArrayIndex() would wrap around large (>=2^32) index values on
platforms where sizeof(int64_t) > sizeof(size_t).  Ensure that the
return value fits in a size_t.

PR-URL: https://github.com/nodejs/node/pull/7497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
src: move ParseArrayIndex() to src/node_buffer.cc 2016-10-26T18:09:27+00:00 Ben Noordhuis info@bnoordhuis.nl 2016-06-30T09:50:13+00:00 e1f961d05025966193bd9e3c531d8571959b80ed It's not used anywhere else so move it out of src/node_internals.h. PR-URL: https://github.com/nodejs/node/pull/7497 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> 
It's not used anywhere else so move it out of src/node_internals.h.

PR-URL: https://github.com/nodejs/node/pull/7497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
src: fix handle leak in Buffer::New() 2016-10-26T18:09:25+00:00 Ben Noordhuis info@bnoordhuis.nl 2016-07-13T14:06:18+00:00 7aa268922a174128211028ef8bd4ebf94ca4e6ed Fix handle leaks in Buffer::New() and Buffer::Copy() by creating the handle scope before looking up the env with Environment::GetCurrent(). Environment::GetCurrent() calls v8::Isolate::GetCurrentContext(), which creates a handle in the current scope, i.e., the scope created by the caller of Buffer::New() or Buffer::Copy(). PR-URL: https://github.com/nodejs/node/pull/7711 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 
Fix handle leaks in Buffer::New() and Buffer::Copy() by creating the
handle scope before looking up the env with Environment::GetCurrent().

Environment::GetCurrent() calls v8::Isolate::GetCurrentContext(), which
creates a handle in the current scope, i.e., the scope created by the
caller of Buffer::New() or Buffer::Copy().

PR-URL: https://github.com/nodejs/node/pull/7711
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
buffer: backport --zero-fill-buffers cli option 2016-07-12T17:59:45+00:00 James M Snell jasnell@gmail.com 2016-03-16T21:19:08+00:00 fb03e57de20e48e201609f9f9594bc574462bccb This backports the --zero-fill-buffers command line flag introduced in master. When used, all Buffer and SlowBuffer instances will zero fill by default. This does *not* backport any of the other Buffer API or behavior changes. PR-URL: https://github.com/nodejs/node/pull/5745 Reviewed-By: Trevor Norris <trev.norris@gmail.com> 
This backports the --zero-fill-buffers command line flag introduced
in master. When used, all Buffer and SlowBuffer instances will zero
fill by default.

This does *not* backport any of the other Buffer API or behavior
changes.

PR-URL: https://github.com/nodejs/node/pull/5745
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
buffer: fix UCS2 indexOf for odd buffer length 2016-05-18T00:24:43+00:00 Anna Henningsen anna@addaleax.net 2016-05-02T05:51:33+00:00 8b077faa8257bb067a31da9abd4fe5add5cc362c Fix `buffer.indexOf` for the case that the haystack has odd length and the needle is not found in it. `StringSearch()` would return the length of the buffer in multiples of `sizeof(uint16_t)`, but checking that against `haystack_length` would not work if the latter one was odd. PR-URL: https://github.com/nodejs/node/pull/6511 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 
Fix `buffer.indexOf` for the case that the haystack has odd length
and the needle is not found in it. `StringSearch()` would return
the length of the buffer in multiples of `sizeof(uint16_t)`, but
checking that against `haystack_length` would not work if the latter
one was odd.

PR-URL: https://github.com/nodejs/node/pull/6511
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
buffer: fix needle length misestimation for UCS2 2016-05-18T00:24:43+00:00 Anna Henningsen anna@addaleax.net 2016-05-02T03:31:48+00:00 12a9699fcf85a693f1d4334607b386a5bf945340 Use `StringBytes::Size` to determine the needle string length instead of assuming latin-1 or UTF-8. Previously, `Buffer.indexOf` could fail with an assertion failure when the needle's byte length, but not its character count, exceeded the haystack's byte length. PR-URL: https://github.com/nodejs/node/pull/6511 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Trevor Norris <trev.norris@gmail.com> 
Use `StringBytes::Size` to determine the needle string length
instead of assuming latin-1 or UTF-8.

Previously, `Buffer.indexOf` could fail with an assertion failure
when the needle's byte length, but not its character count,
exceeded the haystack's byte length.

PR-URL: https://github.com/nodejs/node/pull/6511
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
buffer: properly retrieve binary length of needle 2016-03-02T22:01:11+00:00 Trevor Norris trev.norris@gmail.com 2016-01-21T21:00:59+00:00 288f4c22067aa37b92625159cc58a2383172e20c If the needle contains an extended latin-1 character then using String::Utf8Length() will be too large and the search will return early. Instead use String::Length() when encoding is BINARY. PR-URL: https://github.com/nodejs/node/pull/4803 Reviewed-By: James M Snell <jasnell@gmail.com> 
If the needle contains an extended latin-1 character then using
String::Utf8Length() will be too large and the search will return early.
Instead use String::Length() when encoding is BINARY.

PR-URL: https://github.com/nodejs/node/pull/4803
Reviewed-By: James M Snell <jasnell@gmail.com>