fs.ftruncate silently accepts negative offsets rather than failing with ERR_INVALID #35632

sbc100 · 2020-10-13T19:13:59Z

fs.ftruncate and fd.ftruncateSync both silently ignore negative offsets:

Line 840 in 2cfdf28

len = MathMax(0, len);

This didn't always do behave like this.. looks like it was introduced in 8974df1

What steps will reproduce the bug?

var fs = require("fs");
var fd = fs.openSync("f", 'w+');
console.log(fs.ftruncateSync(fd, -99));

What is the expected behavior?

The ftruncate POSIX function is described as returning EINVAL when given a negative offset:
https://linux.die.net/man/2/ftruncate

In emscripten we emulate a POSIX environment on top of the Web and on top of node and expect ftruncate to fail in the same way.

We can obviously add a check to our code as a workaround but this does seem like a bug in node.

What do you see instead?

Silently assumed 0 length is what the caller really wants.

The text was updated successfully, but these errors were encountered:

Narasimha1997 · 2020-10-14T04:49:49Z

Maybe removing len = MathMax(0, len); would fix the issue, or by explicitly handling the negative value case before calling the internal method. Had experienced this issue, a week back ! I solved this by explicitly checking the len before passing it down to the ftruncateSync()

RaisinTen · 2020-10-14T08:14:36Z

What about adding this sort of a change?

-  len = MathMax(0, len);
+  if (len < 0) {
+    throw new ERR_FS_FILE_TOO_SMALL(len);
+  } else if (len > kIoMaxLength) {
+    throw new ERR_FS_FILE_TOO_LARGE(len);
+  }

where, ERR_FS_FILE_TOO_LARGE already exists and we make a new error code ERR_FS_FILE_TOO_SMALL for negative sizes and this is all about kIoMaxLength:

node/lib/fs.js

Lines 27 to 29 in 999e7d7

    
           // Most platforms don't allow reads or writes >= 2 GB. 
        
           // See https://github.com/libuv/libuv/pull/1501. 
        
           const kIoMaxLength = 2 ** 31 - 1;

This would take care of both the upper and the lower limits for the allowed size in ftruncate.

sbc100 · 2020-10-14T16:58:30Z

I'm not familiar with node code but isn't there already the simple equivalent of EINVAL? Is it a good idea to add more error codes?

Narasimha1997 · 2020-10-14T17:27:06Z

Node 8.xx.xx throws EINVAL properly for negative offset. Maybe there is no need to handle explicitly. Even len = MathMax(0, len) is not required. The internal system call itself terminates with EINVAL when it sees negative offset. So no need to handle anything explicitly. If you check the source code of 8.xx.xx there is no explicit validation being done.

`fs.ftruncate`, `fsPromises.truncate`, and `fsPromises.ftruncate` all adjust negative lengths to 0 before invoking the system call. `fs.truncate()` was the one outlier. This "fixes" nodejs#35632 but in the opposite direction than discussed in the issue -- specifically by removing an EINVAL error from one function rather than adding it to another. Signed-off-by: James M Snell <[email protected]> Fixes: nodejs#35632

jasnell · 2021-02-22T21:22:49Z

PR: #37483

`fs.ftruncate`, `fsPromises.truncate`, and `fsPromises.ftruncate` all adjust negative lengths to 0 before invoking the system call. `fs.truncate()` was the one outlier. This "fixes" nodejs#35632 but in the opposite direction than discussed in the issue -- specifically by removing an EINVAL error from one function rather than adding it to another. Signed-off-by: James M Snell <[email protected]> Fixes: nodejs#35632

`fs.ftruncate`, `fsPromises.truncate`, and `fsPromises.ftruncate` all adjust negative lengths to 0 before invoking the system call. `fs.truncate()` was the one outlier. This "fixes" #35632 but in the opposite direction than discussed in the issue -- specifically by removing an EINVAL error from one function rather than adding it to another. Signed-off-by: James M Snell <[email protected]> Fixes: #35632 PR-URL: #37483 Reviewed-By: Darshan Sen <[email protected]> Reviewed-By: Juan José Arboleda <[email protected]> Reviewed-By: Luigi Pinca <[email protected]>

PoojaDurgad added fs Issues and PRs related to the fs subsystem / file system. confirmed-bug Issues with confirmed bugs. labels Oct 14, 2020

IgorHalfeld mentioned this issue Oct 14, 2020

fix: ftruncate for negative and maximum values #35645

Closed

4 tasks

jasnell mentioned this issue Feb 22, 2021

fs: fixup negative length in fs.truncate #37483

Closed

jasnell closed this as completed in 148bc33 Feb 25, 2021

kleisauke mentioned this issue Jun 8, 2023

WasmFS JS API: Implement truncate emscripten-core/emscripten#19543

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fs.ftruncate silently accepts negative offsets rather than failing with ERR_INVALID #35632

fs.ftruncate silently accepts negative offsets rather than failing with ERR_INVALID #35632

sbc100 commented Oct 13, 2020 •

edited

Loading

Narasimha1997 commented Oct 14, 2020 •

edited

Loading

RaisinTen commented Oct 14, 2020

sbc100 commented Oct 14, 2020

Narasimha1997 commented Oct 14, 2020

jasnell commented Feb 22, 2021

fs.ftruncate silently accepts negative offsets rather than failing with ERR_INVALID #35632

fs.ftruncate silently accepts negative offsets rather than failing with ERR_INVALID #35632

Comments

sbc100 commented Oct 13, 2020 • edited Loading

What steps will reproduce the bug?

What is the expected behavior?

What do you see instead?

Narasimha1997 commented Oct 14, 2020 • edited Loading

RaisinTen commented Oct 14, 2020

sbc100 commented Oct 14, 2020

Narasimha1997 commented Oct 14, 2020

jasnell commented Feb 22, 2021

sbc100 commented Oct 13, 2020 •

edited

Loading

Narasimha1997 commented Oct 14, 2020 •

edited

Loading