diff options
author | Anna Henningsen <anna@addaleax.net> | 2016-05-02 03:52:46 +0200 |
---|---|---|
committer | Anna Henningsen <anna@addaleax.net> | 2016-05-04 22:14:23 +0200 |
commit | 55b975d402a796ab5dcd8efe903646f58438054e (patch) | |
tree | 9485e4fab2578dd953305221471b50e07f703048 /src | |
parent | bfe645d1f47c527ced252a6303b5e30bb8c3d6f6 (diff) | |
download | android-node-v8-55b975d402a796ab5dcd8efe903646f58438054e.tar.gz android-node-v8-55b975d402a796ab5dcd8efe903646f58438054e.tar.bz2 android-node-v8-55b975d402a796ab5dcd8efe903646f58438054e.zip |
buffer: fix lastIndexOf crash for overlong needle
Return -1 in `Buffer.lastIndexOf` if the needle is longer than the
haystack. The previous check only tested the corresponding
condition for forward searches.
This applies only to Node.js v6, as `lastIndexOf` was added in it.
Fixes: https://github.com/nodejs/node/issues/6510
PR-URL: https://github.com/nodejs/node/pull/6511
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Trevor Norris <trev.norris@gmail.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/node_buffer.cc | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/src/node_buffer.cc b/src/node_buffer.cc index 44020d91a1..bb77387e8f 100644 --- a/src/node_buffer.cc +++ b/src/node_buffer.cc @@ -1011,7 +1011,8 @@ void IndexOfString(const FunctionCallbackInfo<Value>& args) { } size_t offset = static_cast<size_t>(opt_offset); CHECK_LT(offset, haystack_length); - if (is_forward && needle_length + offset > haystack_length) { + if ((is_forward && needle_length + offset > haystack_length) || + needle_length > haystack_length) { return args.GetReturnValue().Set(-1); } @@ -1113,7 +1114,8 @@ void IndexOfBuffer(const FunctionCallbackInfo<Value>& args) { } size_t offset = static_cast<size_t>(opt_offset); CHECK_LT(offset, haystack_length); - if (is_forward && needle_length + offset > haystack_length) { + if ((is_forward && needle_length + offset > haystack_length) || + needle_length > haystack_length) { return args.GetReturnValue().Set(-1); } |