Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

buffer: buf.write(string, offset) with negative offset #27043

Closed
vsemozhetbyt opened this issue Apr 1, 2019 · 1 comment
Closed

buffer: buf.write(string, offset) with negative offset #27043

vsemozhetbyt opened this issue Apr 1, 2019 · 1 comment
Labels
buffer Issues and PRs related to the buffer subsystem.

Comments

@vsemozhetbyt
Copy link
Contributor

vsemozhetbyt commented Apr 1, 2019
edited
Loading

All other Node.js Buffer methods either support negative offsets or throw errors for all negative integers stating that offset must be >= 0.

However, buf.write(string, offset) does not check if an offset is negative, but just converts it to uint32:

node/lib/buffer.js

Line 896 in 6eae414

offset = offset >>> 0;

This may cause some slightly confusing effects:

  1. If -offset is > -buffer.constants.MAX_LENGTH, this produces not so clear error:
'use strict';

const buf = Buffer.alloc(10);

try {
  const len = buf.write('a', -1);
  console.log(buf.indexOf('a'));
} catch (err) {
  console.error(err.toString());
}

// Prints: RangeError [ERR_BUFFER_OUT_OF_BOUNDS]: Attempt to write outside buffer bounds
  1. If -offset is < -buffer.constants.MAX_LENGTH, string can be written in an unexpected place:
'use strict';

const buf = Buffer.alloc(10);

try {
  const len = buf.write('a', -4294967296);
  console.log(buf.indexOf('a'));
} catch (err) {
  console.error(err);
}

// Prints: 0

So should the method check the sign before the converting?
@vsemozhetbyt vsemozhetbyt added the buffer Issues and PRs related to the buffer subsystem. label Apr 1, 2019
@vsemozhetbyt vsemozhetbyt changed the title buf.write(string, offset) with nagative offset buffer: buf.write(string, offset) with nagative offset Apr 1, 2019
@targos targos changed the title buffer: buf.write(string, offset) with nagative offset buffer: buf.write(string, offset) with negative offset Apr 1, 2019
@BridgeAR
Copy link
Member

BridgeAR commented Apr 1, 2019

@vsemozhetbyt instead of checking for the sign, we could just use stricter input validation.

@BridgeAR BridgeAR mentioned this issue Apr 1, 2019
Closed
4 tasks
BridgeAR added a commit to BridgeAR/node that referenced this issue Apr 1, 2019
@BridgeAR
buffer: use stricter range checks
ebcba82 
This adds support to use offset and length arguments above uint32
and it validates the input to make sure the arguments do not overflow.
Before, if the input would overflow, it would cause the write to be
performt in the wrong spot / result in unexpected behavior.
Instead, just use a strict number validation.

Fixes: nodejs#27043
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
buffer Issues and PRs related to the buffer subsystem.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

buffer: use stricter range checks BridgeAR/node
2 participants
@BridgeAR @vsemozhetbyt