Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bundled zlib is missing an upstream UB fix #41744

Closed
jmatthew opened this issue Jan 29, 2022 · 6 comments
Closed

bundled zlib is missing an upstream UB fix #41744

jmatthew opened this issue Jan 29, 2022 · 6 comments
Labels
zlib Issues and PRs related to the zlib subsystem.

Comments

@jmatthew
Copy link

jmatthew commented Jan 29, 2022

Version

v12.22.7

Platform

OpenBSD hostname 7.0 GENERIC.MP#107 amd64

Subsystem

No response

What steps will reproduce the bug?

The bundled zlib is missing this fix: https://chromium.googlesource.com/chromium/src.git/+/e0f88a903fdcb6c772de1929834a73d1662d509a%5E%21/

The consequences of which can be experienced in real life by running pacote.extract("https://registry.npmjs.org/bower/-/bower-1.8.13.tgz", "/tmp/zzzz") on a platform where memcpy() with overlapping source and destination is a fatal error, such as OpenBSD. On OpenBSD, the node process will abort, writing "node: backwards memcpy" to the system logs.

How often does it reproduce? Is there a required condition?

No response

What is the expected behavior?

No response

What do you see instead?

Welcome to Node.js v12.22.7.
Type ".help" for more information.

const pacote = require('pacote')
undefined
pacote.extract("https://registry.npmjs.org/bower/-/bower-1.8.13.tgz", "/tmp/zzzz");
Promise { }
Abort trap (core dumped)

Additional information

No response

@benjamingr benjamingr added the zlib Issues and PRs related to the zlib subsystem. label Jan 29, 2022
@targos
Copy link
Member

targos commented Jan 29, 2022

Is it related to the error we get with asan in #40238 (comment) ?

@jmatthew
Copy link
Author

it's the same copy operation that produces that error.

@targos
Copy link
Member

targos commented Jan 29, 2022

PR to update zlib: #41745

@targos targos removed their assignment Feb 4, 2022
@MylesBorins
Copy link
Contributor

Closing as #41745 landed

@MylesBorins
Copy link
Contributor

nvm I realize that didn't land

@MylesBorins MylesBorins reopened this Apr 20, 2022
@lpinca
Copy link
Member

lpinca commented Nov 17, 2022

Closing as #45387 landed.

@lpinca lpinca closed this as completed Nov 17, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
zlib Issues and PRs related to the zlib subsystem.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

5 participants