lukechilds
/
node
mirror of https://github.com/lukechilds/node.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

buffer: neuter external `nullptr` buffers 

Neuter external `nullptr` buffers, otherwise their contents will be
materialized on access, and the buffer instance will be internalized.

This leads to a crash like this:

    v8::ArrayBuffer::Neuter Only externalized ArrayBuffers can be
    neutered

Fix: #3619
PR-URL: https://github.com/nodejs/node/pull/3624
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
process-exit-stdio-flushing
Fedor Indutny 9 years ago
parent
9e3aa451a1
commit
827ee498e3
4 changed files with 60 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      src/node_buffer.cc
  2. 40
      test/addons/null-buffer-neuter/binding.cc
  3. 8
      test/addons/null-buffer-neuter/binding.gyp
  4. 7
      test/addons/null-buffer-neuter/test.js

5
src/node_buffer.cc
View File

@ -362,6 +362,11 @@ MaybeLocal<Object> New(Environment* env,
} }
Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), data, length); Local<ArrayBuffer> ab = ArrayBuffer::New(env->isolate(), data, length);
// `Neuter()`ing is required here to prevent materialization of the backing
// store in v8. `nullptr` buffers are not writable, so this is semantically
// correct.
if (data == nullptr)
ab->Neuter();
Local<Uint8Array> ui = Uint8Array::New(ab, 0, length); Local<Uint8Array> ui = Uint8Array::New(ab, 0, length);
Maybe<bool> mb = Maybe<bool> mb =
ui->SetPrototype(env->context(), env->buffer_prototype_object()); ui->SetPrototype(env->context(), env->buffer_prototype_object());

40
test/addons/null-buffer-neuter/binding.cc
View File

@ -0,0 +1,40 @@
#include <node.h>
#include <node_buffer.h>
#include <util.h>
#include <v8.h>
static int alive;
static void FreeCallback(char* data, void* hint) {
CHECK_EQ(data, nullptr);
alive--;
}
void Run(const v8::FunctionCallbackInfo<v8::Value>& args) {
v8::Isolate* isolate = args.GetIsolate();
alive++;
{
v8::HandleScope scope(isolate);
v8::Local<v8::Object> buf = node::Buffer::New(
isolate,
nullptr,
0,
FreeCallback,
nullptr).ToLocalChecked();
char* data = node::Buffer::Data(buf);
CHECK_EQ(data, nullptr);
}
isolate->RequestGarbageCollectionForTesting(
v8::Isolate::kFullGarbageCollection);
CHECK_EQ(alive, 0);
}
void init(v8::Local<v8::Object> target) {
NODE_SET_METHOD(target, "run", Run);
}
NODE_MODULE(binding, init);

8
test/addons/null-buffer-neuter/binding.gyp
View File

@ -0,0 +1,8 @@
{
'targets': [
{
'target_name': 'binding',
'sources': [ 'binding.cc' ]
}
]
}

7
test/addons/null-buffer-neuter/test.js
View File

@ -0,0 +1,7 @@
'use strict';
// Flags: --expose-gc
require('../../common');
var binding = require('./build/Release/binding');
binding.run();
Write Preview
Loading…
Cancel
Save