v6.6.0 node::PBKDF2() Out of Memory

[scttcper]

The following code crashes in v6.6.0 on OSX 10.11.6. v6.5.0 does not crash.

running

var crypto = require('crypto');
var salt = new Buffer('McWpw6FL29zJ6E97Le3hKQ==', 'base64');
crypto.pbkdf2('', salt, 1, 32, "sha256", function(error, saltedPassword) {
  console.log(error);
  console.log(saltedPassword);
});

results in

FATAL ERROR: node::PBKDF2() Out of Memory
 1: node::Abort() [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 2: node::FatalException(v8::Isolate*, v8::Local<v8::Value>, v8::Local<v8::Message>) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 3: node::ClearFatalExceptionHandlers(node::Environment*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 4: node::crypto::RandomBytesWork(uv_work_s*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 5: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 6: v8::internal::MaybeHandle<v8::internal::Object> v8::internal::(anonymous namespace)::HandleApiCallHelper<false>(v8::internal::Isolate*, v8::internal::(anonymous namespace)::BuiltinArguments<(v8::internal::BuiltinExtraArguments)1>) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 7: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [/Users/scoope7/.nvm/versions/node/v6.6.0/bin/node]
 8: 0xe4335f092a7
[1]    45139 abort      node crash.js

This was code extracted out of https://github.com/neumino/rethinkdbdash that was crashing a project.

[not-an-aardvark]

I was able to reproduce this on OSX 10.11.6.

[MarkHerhold]

@scttcper Thanks for reporting this! I just hit the same issue in my project which also uses rethinkdbdash, so I assume the issue is the same.

[mscdex]

Confirmed on Linux as well.

[not-an-aardvark]

It's possible a00ccb0 is the cause, I'll bisect to verify.

[mscdex]

I can confirm that reverting a00ccb0 fixes it.

/cc @mhdawson @addaleax @bnoordhuis

[mscdex]

I think we may need to add a length check for every nullptr check, like what was done in ed640ae? It seems like there are many uses of node::Malloc() without that extra check.

[Trott]

I think we may need to add a length check for every nullptr check, like what was done in ed640ae?

Sure seems like that change set needs to be gone over to find nullptr checks that might be affected.

As far as the specific issue here, test case and proposed fix at #8572

[niieani]

I'm also getting a crash when running tsc compilation (TypeScript) with 6.6.0. It works with 6.5.0. Not sure if it's the same error though.

[not-an-aardvark]

@niieani, would you mind posting the stack trace of the tsc crash (assuming there is a stack trace)? This will help us triage the issue to figure out if it's the same one, or create a new fix if not.

[ghiscoding]

I can also confirm that reverting back to NodeJS v6.5 fixes the problem (running on Win10). I will stick with 6.5 until resolution.

[niieani]

@not-an-aardvark No stack trace, unless I need to pass some parameter to force displaying it? tsc just ends abruptly without actually doing anything, while on 6.5.0 it works properly.

[doomedramen]

Error reproduced on macOS Sierra with node v6.6.0.

[juicelink]

Same error on official node 6 docker image that reference 6.6.0 version since a few days. Switched to a custom image ( no 6.5 official image available)

[johanbrandhorst]

@juicelink You don't happen to have a public vanilla 6.5 image on docker hub we can all peruse until this blows over?

[juicelink]

juicelink/node image is the official one downgraded to 6.5.0

[niieani]

Since this came up now, something like this might also happen in the future. May we ask the maintainers of the docker images to keep tagging minor versions, not only major ones? I.e. have both the :6 tag, for the latest Node 6 and :6.0, :6.1, etc. for minor ones.

[mormahr]

The Docker Library still has the old versions :)
So "FROM node:6.5" should work

[mofax]

Just updated to v6.6.0 on ubuntu 16.04, and this showed up; everything crashed

[Trott]

This is fixed in d2eb7ce. That should be in the next release in the Node.js version 6.x line (which will be either 6.6.1 or 6.7.0). I believe it will also be in the next Node.js version 7 beta which should be out next week. (First beta came out today.)

[pkese]

I would assume, now that the bug is fixed, that a new version of nodejs would be pushed out with this fix applied ASAP, i.e. hopefully before next week.

Lots of people who followed the recommended install procedure from nodesource.com are now having this broken 6.6.0 version (.deb or .rpm) installed on their linux systems. It is a major pain to find workarounds (pinning old package versions or simply not updating their linux distros) just because of this bug.

[MylesBorins]

@pkese unfortunately we do not do Friday releases for a number of reasons. There will be a security update coming out next Tuesday, and I believe we intent to ship the above fix as part of it.

https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/

[MylesBorins]

I've gone ahead and backported this to v6.x-staging, this will help to make sure it isn't missed

[MylesBorins]

This was released with v6.7.0