Fix pool pollution, infinite loop #508
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
When nanoid is called with a fractional value, there were a number of undesirable effects: - in browser and non-secure, the code infinite loops on `while (size--)` - in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled: when `i` is initialized to `poolOffset`, `pool[i] & 63` -> `undefined & 63` -> `0` - if the first call in node is a fractional argument, the initial buffer allocation fails with an error I chose `|0` to cast to a signed integer primarily because that has a slightly better outcome in the third case above: if the first call is negative (e.g. `nanoid(-1)`) then Node will throw an error for an invalid Buffer size, rather than attempting to allocate a buffer of size `2**32-1`. It's also more compact than `>>>0`, which would be necessary to cast to an unsigned integer. I don't _think_ there is a use case for generating ids longer than `2**31-1` :)
myndzi
added a commit
to myndzi/nanoid
that referenced
this pull request
Nov 26, 2024
I didn't fully understand the project and test structure, but while preparing the backport for v3 I gained a fuller understanding. The tests now exercise the customAlphabet code and the non-secure variant, and fix the infinite loop case in `customRandom` on both node and the browser.
myndzi
added a commit
to myndzi/nanoid
that referenced
this pull request
Nov 26, 2024
I didn't fully understand the project and test structure, but while preparing the backport for v3 I gained a fuller understanding. The tests now exercise the customAlphabet code and the non-secure variant, and fix the infinite loop case in `customRandom` on both node and the browser.
ai
pushed a commit
that referenced
this pull request
Nov 26, 2024
* Additional fixes and tests for #508 I didn't fully understand the project and test structure, but while preparing the backport for v3 I gained a fuller understanding. The tests now exercise the customAlphabet code and the non-secure variant, and fix the infinite loop case in `customRandom` on both node and the browser. * `const` -> `let` * lint
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When nanoid is called with a fractional value, there were a number of undesirable effects:
while (size--)iis initialized topoolOffset,pool[i] & 63->undefined & 63->0I chose
|0to cast to a signed integer primarily because that has a slightly better outcome in the third case above: if the first call is negative (e.g.nanoid(-1)) then Node will throw an error for an invalid Buffer size, rather than attempting to allocate a buffer of size2**32-1. It's also more compact than>>>0, which would be necessary to cast to an unsigned integer. I don't think there is a use case for generating ids longer than2**31-1:)