-
Notifications
You must be signed in to change notification settings - Fork 29.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto.pseudoRandomBytes
results in a segmentation fault
#38090
Comments
According to the docs
It seems we have know it will not work in The issue also occurs when execute in node
|
Doesn't reproduce on Node.js v15.x, probably fixed by #35093. |
Can repro on Windows 10 as well.
|
I'm not a JavaScript developer. I am just working on some research to detect bugs and NodeJS is one of my test targets. |
@zyscoder First of all, thanks for all the reports you sent! Bug reports on LTS versions are certainly valid, Node.js as project would accept PR fixing that kind of crash for all supported versions. TL;DR, you might want to target the master branch (or maybe v16.0.0-rc.1) to decrease the probability of finding already reported bugs. |
After digging into the code, I found there is a discrepancy of validation in JS side and C++ side. So, technically, the issue "exists" in master branch but it guarded by C++ backend (introduced in #35093). I would like to open a PR to address it. |
@Ayase-252 why does it matter if it's handled by C++ or JS code? |
@aduh95 Both v14 and v15 has validation for node/lib/internal/crypto/random.js Line 92 in 4f387c2
Let's see node/lib/internal/crypto/random.js Lines 75 to 89 in 4f387c2
Note that node/lib/internal/crypto/random.js Line 61 in 4f387c2
where Since However, in v15, an extra guard is introduced as part of #35093. It ensures node/src/crypto/crypto_random.cc Lines 54 to 57 in 4f387c2
But v14 is out of luck to have a C++ guard, therefore aborts when passing |
Closing as #38096 has been backported to v14.x, it should be fixed. |
I think this is the same issue, but it's happening in Node 16.1.0 When I run:
in a project with an "imports" to a non existing folder I get a segmentation fault core dump |
@rayfoss I'm not able to reproduce on v16.1.0 nor on master (macOS 11.3.1). If you are positive there's another bug, maybe it'd be worth opening a new issue. |
@aduh95 Tracked it down to having an imports to a folder that doesn't exist... not sure why that last line trigger it, but making the last line an assignment doesn't. Regardless, thats not a useful error. |
What steps will reproduce the bug?
Setup a node instance,
and run the following javascript code.
Then a segmentation fault occurs.
How often does it reproduce? Is there a required condition?
This problem can always be triggered following the steps above.
Noticed that
2147483647
would not cause this problem. It seems to result from an integer overflow.What is the expected behavior?
If any error occurs, an exception or other similar error-reporting stuff should be thrown. There is no reason to abort the whole node process.
What do you see instead?
Additional information
The text was updated successfully, but these errors were encountered: