diff options
author | cjihrig <cjihrig@gmail.com> | 2017-11-05 01:05:16 +0300 |
---|---|---|
committer | cjihrig <cjihrig@gmail.com> | 2017-11-07 23:20:27 +0300 |
commit | de1754a761378bf93abd5fd3c53cd88b55bf163f (patch) | |
tree | 626ea61fb9d74263c75e2a0a9cc2ddf394a1873b /src/process_wrap.cc | |
parent | 90a43906ab5ca8bdf154fb7644d70da9e3acdf00 (diff) |
src: CHECK() for argument overflow in Spawn()
This commit adds checks for overflow to args and env in Spawn().
It seems extremely unlikely that either of these values would
overflow from a valid use case.
Fixes: https://github.com/nodejs/node/issues/15622
PR-URL: https://github.com/nodejs/node/pull/16761
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Diffstat (limited to 'src/process_wrap.cc')
-rw-r--r-- | src/process_wrap.cc | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/process_wrap.cc b/src/process_wrap.cc index c1148f9bfb2..a73e4d9779e 100644 --- a/src/process_wrap.cc +++ b/src/process_wrap.cc @@ -185,6 +185,8 @@ class ProcessWrap : public HandleWrap { if (!argv_v.IsEmpty() && argv_v->IsArray()) { Local<Array> js_argv = Local<Array>::Cast(argv_v); int argc = js_argv->Length(); + CHECK_GT(argc + 1, 0); // Check for overflow. + // Heap allocate to detect errors. +1 is for nullptr. options.args = new char*[argc + 1]; for (int i = 0; i < argc; i++) { @@ -211,6 +213,7 @@ class ProcessWrap : public HandleWrap { if (!env_v.IsEmpty() && env_v->IsArray()) { Local<Array> env_opt = Local<Array>::Cast(env_v); int envc = env_opt->Length(); + CHECK_GT(envc + 1, 0); // Check for overflow. options.env = new char*[envc + 1]; // Heap allocated to detect errors. for (int i = 0; i < envc; i++) { node::Utf8Value pair(env->isolate(), |