Skip to content

Commit

Permalink
src: fix double free reported by coverity
Browse files Browse the repository at this point in the history
Fix double free reported by coverity. ToBufferEndian()
in node_i18n.cc was the only caller of Buffer::New() passing
in a MaybeStackBuffer. Coverity reported a double free
because there were paths in which the src buffer would
be deleted by both the destruction of the MaybeStackBuffer and
by the Buffer which was done even in failure cases for
Buffer::New().

Signed-off-by: Michael Dawson <[email protected]>
  • Loading branch information
mhdawson committed Dec 4, 2023
1 parent d4bcdd8 commit e9bf31e
Showing 1 changed file with 4 additions and 8 deletions.
12 changes: 4 additions & 8 deletions src/node_internals.h
Original file line number Diff line number Diff line change
Expand Up @@ -190,16 +190,12 @@ static v8::MaybeLocal<v8::Object> New(Environment* env,
char* src = reinterpret_cast<char*>(buf->out());
const size_t len_in_bytes = buf->length() * sizeof(buf->out()[0]);

if (buf->IsAllocated())
if (buf->IsAllocated()) {
ret = New(env, src, len_in_bytes);
else if (!buf->IsInvalidated())
ret = Copy(env, src, len_in_bytes);

if (ret.IsEmpty())
return ret;

if (buf->IsAllocated())
// new always takes ownership of src
buf->Release();
} else if (!buf->IsInvalidated())
ret = Copy(env, src, len_in_bytes);

return ret;
}
Expand Down

0 comments on commit e9bf31e

Please sign in to comment.