summaryrefslogtreecommitdiff
path: root/src/process_wrap.cc
diff options
context:
space:
mode:
authorcjihrig <cjihrig@gmail.com>2017-11-04 18:05:16 -0400
committercjihrig <cjihrig@gmail.com>2017-11-07 15:20:27 -0500
commitde1754a761378bf93abd5fd3c53cd88b55bf163f (patch)
tree626ea61fb9d74263c75e2a0a9cc2ddf394a1873b /src/process_wrap.cc
parent90a43906ab5ca8bdf154fb7644d70da9e3acdf00 (diff)
downloadandroid-node-v8-de1754a761378bf93abd5fd3c53cd88b55bf163f.tar.gz
android-node-v8-de1754a761378bf93abd5fd3c53cd88b55bf163f.tar.bz2
android-node-v8-de1754a761378bf93abd5fd3c53cd88b55bf163f.zip
src: CHECK() for argument overflow in Spawn()
This commit adds checks for overflow to args and env in Spawn(). It seems extremely unlikely that either of these values would overflow from a valid use case. Fixes: https://github.com/nodejs/node/issues/15622 PR-URL: https://github.com/nodejs/node/pull/16761 Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Diffstat (limited to 'src/process_wrap.cc')
-rw-r--r--src/process_wrap.cc3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/process_wrap.cc b/src/process_wrap.cc
index c1148f9bfb..a73e4d9779 100644
--- a/src/process_wrap.cc
+++ b/src/process_wrap.cc
@@ -185,6 +185,8 @@ class ProcessWrap : public HandleWrap {
if (!argv_v.IsEmpty() && argv_v->IsArray()) {
Local<Array> js_argv = Local<Array>::Cast(argv_v);
int argc = js_argv->Length();
+ CHECK_GT(argc + 1, 0); // Check for overflow.
+
// Heap allocate to detect errors. +1 is for nullptr.
options.args = new char*[argc + 1];
for (int i = 0; i < argc; i++) {
@@ -211,6 +213,7 @@ class ProcessWrap : public HandleWrap {
if (!env_v.IsEmpty() && env_v->IsArray()) {
Local<Array> env_opt = Local<Array>::Cast(env_v);
int envc = env_opt->Length();
+ CHECK_GT(envc + 1, 0); // Check for overflow.
options.env = new char*[envc + 1]; // Heap allocated to detect errors.
for (int i = 0; i < envc; i++) {
node::Utf8Value pair(env->isolate(),
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-03 16:28:00 +0000