Skip to content

Commit

Permalink
src: CHECK() for argument overflow in Spawn()
Browse files Browse the repository at this point in the history
This commit adds checks for overflow to args and env in Spawn().
It seems extremely unlikely that either of these values would
overflow from a valid use case.

Fixes: #15622
PR-URL: #16761
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
  • Loading branch information
cjihrig authored and evanlucas committed Nov 13, 2017
1 parent 8ad4f76 commit bce5db2
Showing 1 changed file with 3 additions and 0 deletions.
3 changes: 3 additions & 0 deletions src/process_wrap.cc
Original file line number Diff line number Diff line change
Expand Up @@ -185,6 +185,8 @@ class ProcessWrap : public HandleWrap {
if (!argv_v.IsEmpty() && argv_v->IsArray()) {
Local<Array> js_argv = Local<Array>::Cast(argv_v);
int argc = js_argv->Length();
CHECK_GT(argc + 1, 0); // Check for overflow.

// Heap allocate to detect errors. +1 is for nullptr.
options.args = new char*[argc + 1];
for (int i = 0; i < argc; i++) {
Expand All @@ -211,6 +213,7 @@ class ProcessWrap : public HandleWrap {
if (!env_v.IsEmpty() && env_v->IsArray()) {
Local<Array> env_opt = Local<Array>::Cast(env_v);
int envc = env_opt->Length();
CHECK_GT(envc + 1, 0); // Check for overflow.
options.env = new char*[envc + 1]; // Heap allocated to detect errors.
for (int i = 0; i < envc; i++) {
node::Utf8Value pair(env->isolate(),
Expand Down

0 comments on commit bce5db2

Please sign in to comment.