Calling JS during GC is a no-no. So intead create a queue of all ids
that need to have their destroy() callback called and call them later.
Removed checking destroy() in test-async-wrap-uid because destroy() can
be called after the 'exit' callback.
Missing a reliable test to reproduce the issue that caused the
FATAL_ERROR.
Fixes: https://github.com/nodejs/node/issues/8216
Fixes: https://github.com/nodejs/node/issues/9465
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This is how it's done everywhere else in core. Make it follow suit.
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
The constructor and destructor shouldn't have been placed in the -inl.h
file from the beginning.
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This LTS release comes with 108 commits. This includes 30 which are doc
related, 28 which are test related, 16 which are build / tool related,
and 4 commits which are updates to dependencies.
Notable Changes:
The SEMVER-MINOR changes include:
* build:
- export openssl symbols on Windows making it possible to build
addons linked against the bundled version of openssl (Alex Hultman)
https://github.com/nodejs/node/pull/7576
* debugger:
- make listen address configurable in the debugger server
(Ben Noordhuis) https://github.com/nodejs/node/pull/3316
* dgram:
- generalized send queue to handle close fixing a potential throw
when dgram socket is closed in the listening event handler.
(Matteo Collina) https://github.com/nodejs/node/pull/7066
* http:
- Introduce the 451 status code "Unavailable For Legal Reasons"
(Max Barinov) https://github.com/nodejs/node/pull/4377
* tls:
- introduce `secureContext` for `tls.connect` which is useful for
caching client certificates, key, and CA certificates.
(Fedor Indutny) https://github.com/nodejs/node/pull/4246
Notable SEMVER-PATCH changes include:
* build:
- introduce the configure --shared option for embedders (sxa555)
https://github.com/nodejs/node/pull/6994
* gtest:
- the test reporter now outputs tap comments as yamlish
(Johan Bergström) https://github.com/nodejs/node/pull/9262
* src:
- node no longer aborts when c-ares initialization fails
(Ben Noordhuis) https://github.com/nodejs/node/pull/8710
* tls:
- fix memory leak when writing data to TLSWrap instance during
handshake (Fedor Indutny)
https://github.com/nodejs/node/pull/9586
PR-URL: https://github.com/nodejs/node/pull/9736
Fix a regression introduced in commit 2996b5c ("crypto: Allow GCM
ciphers to have a longer IV length") from April 2016 where a misplaced
parenthesis in a 'is ECB cipher?' check made it possible to use empty
IVs with non-ECB ciphers.
Also fix some exit bugs in test/parallel/test-crypto-authenticated.js
that were introduced in commit 4a40832 ("test: cleanup IIFE tests")
where removing the IFFEs made the test exit prematurely instead of just
skipping subtests.
PR-URL: https://github.com/nodejs/node/pull/9032
Refs: https://github.com/nodejs/node/pull/6376
Refs: https://github.com/nodejs/node/issues/9024
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Change `Malloc()/Calloc()` so that size zero does not return a null
pointer, consistent with prior behavior.
Fixes: https://github.com/nodejs/node/issues/8571
PR-URL: https://github.com/nodejs/node/pull/8572
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@keybase.io>
Reviewed-By: Yorkie Liu <yorkiefixer@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
malloc(0) and realloc(ptr, 0) have implementation-defined behavior in
that the standard allows them to either return a unique pointer or a
nullptr for zero-sized allocation requests. Normalize by always using
a nullptr.
- Introduce node::malloc, node::realloc and node::calloc that should
be used throught our source.
- Update all existing node source files to use the new functions
instead of the native allocation functions.
Fixes: https://github.com/nodejs/node/issues/7549
PR-URL: https://github.com/nodejs/node/pull/7564
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit attempts to fix one of the items in
https://github.com/nodejs/node/issues/4641, which was to remove a TODO
comment from env.h regarding the naming of the ares_task_t struct.
Also, the struct ares_task_list was renamed to node_ares_task_list
following the same reasoning that is does not belong to the c-ares API.
PR-URL: https://github.com/nodejs/node/pull/7345
Reviewed-By: Brian White <mscdex@mscdex.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit attempts to fix one of the items in
https://github.com/nodejs/node/issues/4641, which was to remove a
TODO the UDPWrap::OnSend function and share the code in that method with
StreamWrap::AfterWrite.
While looking into this addaleax pointed out that the implementations
for these two functions have diverged since the original comment
was added:
$ git log --pretty=short -u -L 357,357:src/udp_wrap.cc
$ git show cbd4033619cc45abdf878285c412bac9c3f36e4e:src/udp_wrap.cc |
grep -1 -A26 'UDPWrap::OnSend'
git show cbd4033619cc45abdf878285c412bac9c3f36e4e:src/stream_wrap.cc |
grep -A27 'void StreamWrap::AfterWrite'
Removing the TODO comment seems appropriate in this case.
PR-URL: https://github.com/nodejs/node/pull/9000
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
PR-URL: https://github.com/nodejs/node/pull/8989
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Brian White <mscdex@mscdex.net>
`--debug=1.2.3.4:5678` and `--debug=example.com:5678` are now accepted,
likewise the `--debug-brk` and `--debug-port` switch. The latter is
now something of a misnomer but it's undocumented and for internal use
only so it shouldn't matter too much.
`--inspect=1.2.3.4:5678` and `--inspect=example.com:5678` are also
accepted but don't use the host name yet; they still bind to the
default address.
Fixes: https://github.com/nodejs/node/issues/3306
PR-URL: https://github.com/nodejs/node/pull/3316
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Moves inflateSetDictionary right after inflateInit2 when mode is
INFLATERAW, since without the wrapper in appears zlib won't return
Z_NEED_DICT as it would otherwise, and will thus attempt inflating
without the dictionary, leading to an error.
Throw a JS exception instead of aborting so the user at least has a
fighting chance of understanding what went wrong.
Fixes: https://github.com/nodejs/node/issues/8699
PR-URL: https://github.com/nodejs/node/pull/8710
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
Reviewed-By: Ilkka Myller <ilkka.myller@nodefield.com>
Add configure flag for building a shared library that can be
embedded in other applications (like Electron). Add flags
--without-bundled-v8 and --without-v8-platform to control V8
dependencies used.
PR-URL: https://github.com/nodejs/node/pull/6994
Ref: https://github.com/nodejs/node/pull/7487
Ref: https://github.com/nodejs/node/pull/9385
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor@indutny.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
rval never existed, it was added as that in 077f9d7293
Fixes: https://github.com/nodejs/node/issues/9001
PR-URL: https://github.com/nodejs/node/pull/9023
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
v8::Object::GetAlignedPointerFromInternalField() returns a random value
if Wrap() hasn't been run on the object handle. Causing v8 to abort if
certain getters are accessed. It's possible to access these getters and
functions during class construction through the AsyncWrap init()
callback, and also possible in a subset of those scenarios while running
the persistent handle visitor.
Mitigate this issue by manually setting the internal aligned pointer
field to nullptr in the BaseObject constructor and add necessary logic
to return appropriate values when nullptr is encountered.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
First cast the pointer to the child Base class before casting to the
parent class to make sure it returns the correct pointer.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Though the TLSWrap constructor is only called via TLSWrap::Wrap() (i.e.
tls_wrap.wrap()) internally, it is still exposed to JS. Don't allow the
application to abort by inspecting the instance before it has been
wrap'd by another handle.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
In case the handle is stored and accessed after the associated C++ class
was destructed, set the internal pointer to nullptr so any
getters/setters can return accordingly without aborting the application.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
To make sure casting a class of multiple inheritance from a void* to
AsyncWrap succeeds make AsyncWrap the first inherited class.
PR-URL: https://github.com/nodejs/node/pull/6184
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
`FChown` and `Chown` test that the `uid` and `gid` parameters
they receive are unsigned integers, but `Stat()` and `FStat()`
would return the corresponding fields of `uv_stat_t` as signed
integers. Applications which pass those these values directly
to `Chown` may fail
(e.g. for `nobody` on OS X, who has an `uid` of `-2`, see e.g.
https://github.com/nodejs/node-v0.x-archive/issues/5890).
This patch changes the `Integer::New()` call for `uid` and `gid`
to `Integer::NewFromUnsigned()`.
All other fields are kept as they are, for performance, but
strictly speaking the respective sizes of those
fields aren’t specified, either.
Ref: https://github.com/npm/npm/issues/13918
PR-URL: https://github.com/nodejs/node/pull/8515
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
undo accidental change to other fields of uv_fs_stat
Disable stdio buffering, it interacts poorly with printf() calls from
elsewhere in the program (e.g., any logging from V8.) Unbreaks among
other things the `--trace_debug_json` switch.
Undoes commit 0966ab99 ("src: force line buffering for stderr"), which
in retrospect is not a proper fix. Turning on line buffering fixed a
flaky test on SmartOS but the test wasn't failing on other platforms,
where stderr wasn't line-buffered either. Mark the test flaky again,
it failed once in a run of 333 tries on the smartos-64 buildbot.
Disabling buffering should be safe even when mixed with non-blocking
stdio I/O because libuv goes to great lengths to reopen the tty file
descriptors and falls back to blocking I/O when that fails.
PR-URL: https://github.com/nodejs/node/pull/7610
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Coverity marked a change in 630096b as a constant expression.
However, on platforms where sizeof(int64_t) > sizeof(size_t),
this should not be the case. This commit flags the comparison
as OK to coverity.
PR-URL: https://github.com/nodejs/node/pull/7587
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
ParseArrayIndex() would wrap around large (>=2^32) index values on
platforms where sizeof(int64_t) > sizeof(size_t). Ensure that the
return value fits in a size_t.
PR-URL: https://github.com/nodejs/node/pull/7497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
It's not used anywhere else so move it out of src/node_internals.h.
PR-URL: https://github.com/nodejs/node/pull/7497
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
API function callbacks run inside an implicit HandleScope. We don't
need to explicitly create one and in fact introduce some unnecessary
overhead when we do.
PR-URL: https://github.com/nodejs/node/pull/7711
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Create a handle scope before performing a check that creates a handle,
otherwise the handle is leaked into the handle scope of the caller.
PR-URL: https://github.com/nodejs/node/pull/7711
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Create a handle scope before performing a check that creates a handle,
otherwise the handle is leaked into the handle scope of the caller.
PR-URL: https://github.com/nodejs/node/pull/7711
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Fix handle leaks in Buffer::New() and Buffer::Copy() by creating the
handle scope before looking up the env with Environment::GetCurrent().
Environment::GetCurrent() calls v8::Isolate::GetCurrentContext(), which
creates a handle in the current scope, i.e., the scope created by the
caller of Buffer::New() or Buffer::Copy().
PR-URL: https://github.com/nodejs/node/pull/7711
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
We will be introducing many more critical sections in the upcoming
multi-isolate changes, so let's make manual synchronization a thing
of the past.
PR-URL: https://github.com/nodejs/node/pull/7334
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Set the `req.buffer` property, which serves as a way of keeping
a `Buffer` alive that is being written to a stream, on the C++
side instead of the JS side.
This closes a hole where buffers that were temporarily created
in order to write strings with uncommon encodings (e.g. `hex`)
were passed to the native side without being set as `req.buffer`.
Fixes: https://github.com/nodejs/node/issues/8251
PR-URL: https://github.com/nodejs/node/pull/8252
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This is a security release. All Node.js users should consult the
security release summary at
https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
for details on patched vulnerabilities.
Notable Changes
Semver Minor:
* openssl:
- Upgrade to 1.0.2i, fixes a number of defects impacting Node.js:
CVE-2016-6304 ("OCSP Status Request extension unbounded memory
growth", high severity), CVE-2016-2183, CVE-2016-6303,
CVE-2016-2178 and CVE-2016-6306.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8714
- Upgrade to 1.0.2j, fixes a defect included in 1.0.2i resulting in
a crash when using CRLs, CVE-2016-7052.
(Shigeki Ohtsu) https://github.com/nodejs/node/pull/8786
- Remove support for loading dynamic third-party engine modules.
An attacker may be able to hide malicious code to be inserted into
Node.js at runtime by masquerading as one of the dynamic engine
modules. Originally reported by Ahmed Zaki (Skype).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/70
* http: CVE-2016-5325 - Properly validate for allowable characters in
the `reason` argument in `ServerResponse#writeHead()`. Fixes a
possible response splitting attack vector. This introduces a new
case where `throw` may occur when configuring HTTP responses, users
should already be adopting try/catch here. Originally reported
independently by Evan Lucas and Romain Gaucher.
(Evan Lucas) https://github.com/nodejs/node-private/pull/46
Semver Patch:
* buffer: Zero-fill excess bytes in new `Buffer` objects created with
`Buffer.concat()` while providing a `totalLength` parameter that
exceeds the total length of the original `Buffer` objects being
concatenated.
(Сковорода Никита Андреевич) https://github.com/nodejs/node-private/pull/65
* tls: CVE-2016-7099 - Fix invalid wildcard certificate validation
check whereby a TLS server may be able to serve an invalid wildcard
certificate for its hostname due to improper validation of `*.` in
the wildcard string. Originally reported by Alexander Minozhenko and
James Bunton (Atlassian).
(Ben Noordhuis) https://github.com/nodejs/node-private/pull/63
PR-URL: https://github.com/nodejs/node-private/pull/74
This commit removes some unnecessary signed checks on unsigned
variables.
PR-URL: https://github.com/nodejs/node/pull/7174
Reviewed-By: Sakthipriyan Vairamani <thechargingvolcano@gmail.com>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
GCM cipher IV length can be >=1 bytes.
When not the default 12 bytes (96 bits) sets the IV length using
`EVP_CIPHER_CTX_ctrl` with type `EVP_CTRL_GCM_SET_IVLEN`
PR-URL: https://github.com/nodejs/node/pull/6376
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Fedor Indutny <fedor.indutny@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@iij.ad.jp>
Pointed out by Coverity. Introduced in commit 05d30d53 from July 2015
("fs: implemented WriteStream#writev").
WriteBuffers() leaked memory in the synchronous uv_fs_write() error path
when trying to write > 1024 buffers.
PR-URL: https://github.com/nodejs/node/pull/7374
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Trevor Norris
Myles Borins
Myles Borins
Ben Noordhuis
Rich Trott
Michael Dawson
Daniel Bevenius
Juan Andres Andrango
Tarjei Husøy
sxa555
Miguel Angel Asencio Hurtado
Anna Henningsen
cjihrig
Steven R. Loomis
Nikolai Vavilov
Christopher Jeffrey
Rod Vagg
Brian White
Michael Wain