src: fix invalid windowBits=8 gzip segfault #33045

bnoordhuis · 2020-04-24T19:14:47Z

{ windowBits: 8 } is legal for deflate streams but not gzip streams.
Fix a nullptr dereference when formatting the error message.

Bug introduced in commit c34eae5 ("zlib: refactor zlib internals")
from September 2018.

zlib: reject windowBits=8 when mode=GZIP

It's also handled in C++ land now, per the previous commit, but
intercepting it in JS land makes for prettier error messages.

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5 ("zlib: refactor zlib internals") from September 2018.

It's also handled in C++ land now, per the previous commit, but intercepting it in JS land makes for prettier error messages.

lib/zlib.js

src/node_zlib.cc

nodejs-github-bot · 2020-05-07T23:40:09Z

CI: https://ci.nodejs.org/job/node-test-pull-request/31226/

lib/zlib.js

Co-authored-by: Jiawen Geng <technicalcute@gmail.com>

nodejs-github-bot · 2020-05-08T01:43:19Z

CI: https://ci.nodejs.org/job/node-test-pull-request/31229/

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5 ("zlib: refactor zlib internals") from September 2018. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

It's also handled in C++ land now, per the previous commit, but intercepting it in JS land makes for prettier error messages. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

addaleax · 2020-05-09T05:54:53Z

Landed in 3226731...d8a380e

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5 ("zlib: refactor zlib internals") from September 2018. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

It's also handled in C++ land now, per the previous commit, but intercepting it in JS land makes for prettier error messages. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5 ("zlib: refactor zlib internals") from September 2018. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

It's also handled in C++ land now, per the previous commit, but intercepting it in JS land makes for prettier error messages. PR-URL: #33045 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de> Reviewed-By: David Carlier <devnexen@gmail.com>

bnoordhuis added 2 commits April 24, 2020 21:12

src: fix invalid windowBits=8 gzip segfault

9436534

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5 ("zlib: refactor zlib internals") from September 2018.

zlib: reject windowBits=8 when mode=GZIP

1cec86e

It's also handled in C++ land now, per the previous commit, but intercepting it in JS land makes for prettier error messages.

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. zlib Issues and PRs related to the zlib subsystem. labels Apr 24, 2020

addaleax approved these changes Apr 24, 2020

View reviewed changes

lib/zlib.js Outdated Show resolved Hide resolved

src/node_zlib.cc Outdated Show resolved Hide resolved

Flarna approved these changes Apr 24, 2020

View reviewed changes

devnexen approved these changes Apr 24, 2020

View reviewed changes

addaleax added 2 commits May 8, 2020 01:39

fixup! zlib: reject windowBits=8 when mode=GZIP

4de03b1

fixup! src: fix invalid windowBits=8 gzip segfault

40da66d

addaleax added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 7, 2020

gengjiawen reviewed May 8, 2020

View reviewed changes

lib/zlib.js Outdated Show resolved Hide resolved

fixup! zlib: reject windowBits=8 when mode=GZIP

61b08c3

Co-authored-by: Jiawen Geng <technicalcute@gmail.com>

addaleax closed this May 9, 2020

codebytere mentioned this pull request May 18, 2020

v14.3.0 proposal #33452

Merged

codebytere mentioned this pull request Jun 9, 2020

v12.18.1 proposal #33811

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src: fix invalid windowBits=8 gzip segfault #33045

src: fix invalid windowBits=8 gzip segfault #33045

bnoordhuis commented Apr 24, 2020

nodejs-github-bot commented May 7, 2020

nodejs-github-bot commented May 8, 2020

addaleax commented May 9, 2020

src: fix invalid windowBits=8 gzip segfault #33045

src: fix invalid windowBits=8 gzip segfault #33045

Conversation

bnoordhuis commented Apr 24, 2020

nodejs-github-bot commented May 7, 2020

nodejs-github-bot commented May 8, 2020

addaleax commented May 9, 2020