Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value #17423

vic511 · 2017-12-02T03:26:29Z

Version: 9.2.0
Platform: Linux debian 4.9.0-3-amd64 deps: update openssl to 1.0.1j #1 SMP Debian 4.9.30-2 (2017-06-12) x86_64 GNU/Linux

Executing this script leads to buf being uninitialized.

let buf = Buffer.alloc(0x100, "This is not correctly encoded", "hex");
console.log(buf);

I highly suspect this is because Buffer.alloc() calls buffer.fill() after allocating memory, which doesn't fill the buffer when it cannot decode the value parameter.

The text was updated successfully, but these errors were encountered:

Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like nodejs#17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. Refs: nodejs#17427 Refs: nodejs#17423

Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like #17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. PR-URL: #17428 Refs: #17427 Refs: #17423 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>

Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like nodejs#17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. PR-URL: nodejs#17428 Refs: nodejs#17427 Refs: nodejs#17423 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>

If fill() attempts to write a string to a buffer, but fails silently, then uninitialized memory could be leaked. This commit causes fill() to throw if the string write operation fails. Refs: nodejs#17423 PR-URL: nodejs#17427 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>

Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like #17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. PR-URL: #17428 Backport-PR-URL: #17467 Refs: #17427 Refs: #17423 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>

Zero-fill when `Buffer.alloc()` receives invalid fill data. A solution like #17427 which switches to throwing makes sense, but is likely a breaking change. This suggestion leaves the behaviour of `buffer.fill()` untouched, since any change to it would be a breaking change, and lets `Buffer.alloc()` check whether any filling took place or not. PR-URL: #17428 Refs: #17427 Refs: #17423 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Michaël Zasso <targos@protonmail.com>

Trott · 2017-12-11T22:03:03Z

@vic511 Thanks for reporting the bug. As you probably saw, it's now fixed in the latest release.

vic511 changed the title ~~Buffer.alloc(): uninitialized buffer when giving an incorrectly encoded fill value~~ Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value Dec 2, 2017

mscdex added the buffer Issues and PRs related to the buffer subsystem. label Dec 2, 2017

cjihrig mentioned this issue Dec 2, 2017

buffer: throw on failed fill attempts #17427

Merged

3 tasks

addaleax mentioned this issue Dec 2, 2017

buffer: zero-fill buffer allocated with invalid content #17428

Closed

4 tasks

nodejs deleted a comment from mhdawson Dec 5, 2017

cjihrig closed this as completed in #17427 Dec 6, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value #17423

Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value #17423

vic511 commented Dec 2, 2017

Trott commented Dec 11, 2017

Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value #17423

Buffer.alloc(): uninitialized buffer with an incorrectly encoded fill value #17423

Comments

vic511 commented Dec 2, 2017

Trott commented Dec 11, 2017