diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2016-06-22 14:32:56 +0200 |
|---|---|---|
| committer | Ben Noordhuis <info@bnoordhuis.nl> | 2016-06-29 12:21:09 +0200 |
| commit | da4c1c314d0b933810c03b368a9a3379b82481d3 (patch) | |
| tree | fa338cb2ec1f999abe5c410fd941cad02aacb86d /src/node_zlib.cc | |
| parent | 26a918f4f5bc56a246ab07db20f871c07a29a887 (diff) | |
| download | android-node-v8-da4c1c314d0b933810c03b368a9a3379b82481d3.tar.gz android-node-v8-da4c1c314d0b933810c03b368a9a3379b82481d3.tar.bz2 android-node-v8-da4c1c314d0b933810c03b368a9a3379b82481d3.zip | |
src: fix use-after-return in zlib bindings
Pointed out by Coverity. Introduced in commit 5b8e1dab from September
2011 ("Initial pass at zlib bindings".)
The asynchronous version of Write() used a pointer to a stack-allocated
buffer on flush. A mitigating factor is that zlib does not dereference
the pointer for zero-sized writes but it's still technically UB.
PR-URL: https://github.com/nodejs/node/pull/7374
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Diffstat (limited to 'src/node_zlib.cc')
| -rw-r--r-- | src/node_zlib.cc | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/src/node_zlib.cc b/src/node_zlib.cc index 7ce4a1e361..2c583298d9 100644 --- a/src/node_zlib.cc +++ b/src/node_zlib.cc @@ -149,8 +149,7 @@ class ZCtx : public AsyncWrap { if (args[1]->IsNull()) { // just a flush - Bytef nada[1] = { 0 }; - in = nada; + in = nullptr; in_len = 0; in_off = 0; } else { |