zlib: fix windowBits validation to allow 0 for decompression mode #19686
Conversation
From the zlib v1.2.11 manual: > ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, > int windowBits)); > > ... > windowBits can also be zero to request that inflate use the window > size in the zlib header of the compressed stream. The current validation of windowBits in zlib.js doesn't check for this case.
lib/zlib.js
Outdated
| mode === GUNZIP || | ||
| mode === INFLATERAW || | ||
| mode === UNZIP)) { | ||
| windowBits = 0 |
There was a problem hiding this comment.
Can you run make lint? It should complain about the lack of a semicolon here ;)
There was a problem hiding this comment.
whoops. I'm spoiled by standardjs! Will fix.
lib/zlib.js
Outdated
| if (opts.windowBits === 0 && | ||
| (mode === INFLATE || | ||
| mode === GUNZIP || | ||
| mode === INFLATERAW || |
There was a problem hiding this comment.
INFLATERAW means that there is no header, so I think we'd want to drop that case?
There was a problem hiding this comment.
Sure. I picked the list from
Lines 541 to 544 in 22f4a35
inflateInit2(). Will remove it from the list.
lib/zlib.js
Outdated
| // windowBits is special. On the compression side, 0 is an invalid value. | ||
| // But on the decompression side, a value of 0 for windowBits tells zlib | ||
| // to extract the value from the headers of the compressed stream. | ||
| if (opts.windowBits === 0 && |
There was a problem hiding this comment.
We may actually want to also capture undefined here, so that when decompressing we always go with the header-provided value (instead of the safe maximum) for lower memory usage.
There was a problem hiding this comment.
excellent idea! How about opts.windowBits == null || opts.windowBits === 0?
|
Test(s)? |
anandsuresh
force-pushed
the
anandsuresh/zlibWindowBits
branch
from
0eacda7 to
10e9d16
Compare
|
SGTM with tests added. |
anandsuresh
force-pushed
the
anandsuresh/zlibWindowBits
branch
from
10e9d16 to
736be73
Compare
|
tests added. |
There was a problem hiding this comment.
common.expectsError() instead of try-catch.
There was a problem hiding this comment.
common.expectsError() instead of try-catch.
There was a problem hiding this comment.
This is already tested in test-zlib-deflate-constructors.js so it is probably redundant.
There was a problem hiding this comment.
We can simply by using common.expectsError():
common.expectsError(
() => zlib.createGzip({windowBits: 0}),
{
code: 'ERR_INVALID_OPT_VALUE',
type: RangeError,
message: '...'
}
);
anandsuresh
force-pushed
the
anandsuresh/zlibWindowBits
branch
2 times, most recently
from
bcb88e0 to
1ba53f2
Compare
|
standby.... some tests are failing. Working to fix those. |
anandsuresh
force-pushed
the
anandsuresh/zlibWindowBits
branch
from
1ba53f2 to
fda4044
Compare
|
all tests passing again. |
BridgeAR
added
the
author ready
|
Landed in 7bc5151 🎉 |
From the zlib v1.2.11 manual: > ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, > int windowBits)); > > ... > windowBits can also be zero to request that inflate use the window > size in the zlib header of the compressed stream. The current validation of windowBits in zlib.js doesn't check for this case. PR-URL: nodejs#19686 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
From the zlib v1.2.11 manual: > ZEXTERN int ZEXPORT inflateInit2 OF((z_streamp strm, > int windowBits)); > > ... > windowBits can also be zero to request that inflate use the window > size in the zlib header of the compressed stream. The current validation of windowBits in zlib.js doesn't check for this case. PR-URL: nodejs#19686 Reviewed-By: Richard Lau <riclau@uk.ibm.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
7 participants
From the zlib v1.2.11 manual:
The current validation of windowBits in zlib.js doesn't check for this
case.
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passes