From ce9caa237fe730ecf18cc96f4a176352a1b1a2dc Mon Sep 17 00:00:00 2001
From: Ryan Dahl <ry@tinyclouds.org>
Date: Sat, 20 Aug 2011 12:38:31 -0700
Subject: [PATCH] Fix #1563. overflow in ChildProcess custom_fd.

Backported from master f5db3f1f859427d2b1252f937a45409c5d4eb38b
---
 src/node_child_process.cc                          | 6 ++++++
 test/simple/test-child-process-customfd-bounded.js | 9 +++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 test/simple/test-child-process-customfd-bounded.js

diff --git a/src/node_child_process.cc b/src/node_child_process.cc
index 759c901203..6465f0213e 100644
--- a/src/node_child_process.cc
+++ b/src/node_child_process.cc
@@ -164,7 +164,13 @@ Handle<Value> ChildProcess::Spawn(const Arguments& args) {
   if (args[4]->IsArray()) {
     // Set the custom file descriptor values (if any) for the child process
     Local<Array> custom_fds_handle = Local<Array>::Cast(args[4]);
+
     int custom_fds_len = custom_fds_handle->Length();
+    // Bound by 3.
+    if (custom_fds_len > 3) {
+      custom_fds_len = 3;
+    }
+
     for (int i = 0; i < custom_fds_len; i++) {
       if (custom_fds_handle->Get(i)->IsUndefined()) continue;
       Local<Integer> fd = custom_fds_handle->Get(i)->ToInteger();
diff --git a/test/simple/test-child-process-customfd-bounded.js b/test/simple/test-child-process-customfd-bounded.js
new file mode 100644
index 0000000000..b2796a24fd
--- /dev/null
+++ b/test/simple/test-child-process-customfd-bounded.js
@@ -0,0 +1,9 @@
+var common = require('../common');
+var spawn = require('child_process').spawn;
+var bigish = Array(200);
+
+for (var i = 0, il = bigish.length; i < il; ++i)
+ bigish[i] = -1;
+
+spawn('/bin/echo', [], { customFds: bigish });
+