Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

src: fix invalid windowBits=8 gzip segfault #33045

Closed

Conversation

bnoordhuis
Copy link
Member

{ windowBits: 8 } is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.


zlib: reject windowBits=8 when mode=GZIP

It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.
It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. zlib Issues and PRs related to the zlib subsystem. labels Apr 24, 2020
lib/zlib.js Outdated Show resolved Hide resolved
src/node_zlib.cc Outdated Show resolved Hide resolved
@addaleax addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 7, 2020
@nodejs-github-bot
Copy link
Collaborator

lib/zlib.js Outdated Show resolved Hide resolved
Co-authored-by: Jiawen Geng <technicalcute@gmail.com>
@nodejs-github-bot
Copy link
Collaborator

addaleax pushed a commit that referenced this pull request May 9, 2020
`{ windowBits: 8 }` is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
addaleax pushed a commit that referenced this pull request May 9, 2020
It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
@addaleax
Copy link
Member

addaleax commented May 9, 2020

Landed in 3226731...d8a380e

@addaleax addaleax closed this May 9, 2020
codebytere pushed a commit that referenced this pull request May 11, 2020
`{ windowBits: 8 }` is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
codebytere pushed a commit that referenced this pull request May 11, 2020
It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
@codebytere codebytere mentioned this pull request May 18, 2020
codebytere pushed a commit that referenced this pull request Jun 7, 2020
`{ windowBits: 8 }` is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
codebytere pushed a commit that referenced this pull request Jun 7, 2020
It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.

PR-URL: #33045
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Reviewed-By: David Carlier <devnexen@gmail.com>
@codebytere codebytere mentioned this pull request Jun 9, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. zlib Issues and PRs related to the zlib subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants