src: fix use-after-return in zlib bindings

Pointed out by Coverity. Introduced in commit 5b8e1dab from September 2011 ("Initial pass at zlib bindings".) The asynchronous version of Write() used a pointer to a stack-allocated buffer on flush. A mitigating factor is that zlib does not dereference the pointer for zero-sized writes but it's still technically UB. PR-URL: https://github.com/nodejs/node/pull/7374 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
8 years ago · da4c1c314d
1 changed files with 1 additions and 2 deletions
--- a/src/node_zlib.cc
+++ b/src/node_zlib.cc
@ -149,8 +149,7 @@ class ZCtx : public AsyncWrap {

    if (args[1]->IsNull()) {
      // just a flush
-      Bytef nada[1] = { 0 };
-      in = nada;
+      in = nullptr;
      in_len = 0;
      in_off = 0;
    } else {