-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: fix potential segmentation fault in SQLite #53850
Conversation
The Local<Value> returned from ColumnToValue() and ColumnNameToValue() may be empty (if a JavaScript exception is pending), in which case a segmentation fault may occur at the call sites, which do not check if the Local<Value> is empty. Fix this bug returning early if an exception is pending (as indicated by the Local being empty). In the long term, these functions should return MaybeLocal instead of Local, but this patch is supposed to be a minimal bug fix only.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there an easy repro?
if (key.IsEmpty()) return; | ||
Local<Value> val = stmt->ColumnToValue(i); | ||
if (val.IsEmpty()) return; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit... is it worth combining these into a single if (key.IsEmpty() || val.IsEmpty()) return
just to make things a bit more compact?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We usually fail fast when a JavaScript exception is pending to avoid unsafe calls into JavaScript in that state. It seems that ColumnToValue()
does not call into JavaScript, but unless someone feels strongly, I'd err on the side of caution here.
Landed in 0b1ff69 |
The Local<Value> returned from ColumnToValue() and ColumnNameToValue() may be empty (if a JavaScript exception is pending), in which case a segmentation fault may occur at the call sites, which do not check if the Local<Value> is empty. Fix this bug returning early if an exception is pending (as indicated by the Local being empty). In the long term, these functions should return MaybeLocal instead of Local, but this patch is supposed to be a minimal bug fix only. PR-URL: nodejs#53850 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
The Local<Value> returned from ColumnToValue() and ColumnNameToValue() may be empty (if a JavaScript exception is pending), in which case a segmentation fault may occur at the call sites, which do not check if the Local<Value> is empty. Fix this bug returning early if an exception is pending (as indicated by the Local being empty). In the long term, these functions should return MaybeLocal instead of Local, but this patch is supposed to be a minimal bug fix only. PR-URL: #53850 Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>
The
Local<Value>
returned fromColumnToValue()
andColumnNameToValue()
may be empty (if a JavaScript exception is pending), in which case a segmentation fault may occur at the call sites, which do not check if theLocal<Value>
is empty. Fix this bug by returning early if an exception is pending (as indicated by theLocal
being empty).In the long term, these functions should return
MaybeLocal
instead ofLocal
, but this patch is supposed to be a minimal bug fix only.