Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

invalid floating point uid or gid for spawn/execSync causes uv to assert and abort node #9722

Closed
sam-github opened this issue Nov 21, 2016 · 14 comments
Labels
child_process Issues and PRs related to the child_process subsystem. confirmed-bug Issues with confirmed bugs.

Comments

@sam-github
Copy link
Contributor

sam-github commented Nov 21, 2016

  • Version: 0.12 to v8.0.0-pre
> child_process.spawnSync("cat", {uid: 3.5})
node: ../deps/uv/src/unix/core.c:166: uv_close: Assertion `0' failed.
zsh: abort (core dumped)  ./node

Also

> child_process.execSync("date", {uid: 3.5})
node: ../deps/uv/src/unix/core.c:161: uv_close: Assertion `0' failed.
zsh: abort (core dumped)
% ./node --version
v8.0.0-pre

EDIT: git aborts, too

@sam-github sam-github added child_process Issues and PRs related to the child_process subsystem. confirmed-bug Issues with confirmed bugs. libuv Issues and PRs related to the libuv dependency or the uv binding. labels Nov 21, 2016
@sam-github
Copy link
Contributor Author

See #8312 (comment), /to @saghul not sure if this is a uv bug, or node not checking for bad input before calling uv.

@sam-github sam-github changed the title invalid floating point uid for spawn/execSync causes uv to assert and abort node invalid floating point uid or gid for spawn/execSync causes uv to assert and abort node Nov 21, 2016
@cjihrig
Copy link
Contributor

cjihrig commented Nov 21, 2016

I'll take care of the validation in Node in #8312. It might be good for libuv to return EINVAL or something though.

@sam-github
Copy link
Contributor Author

@cjihrig I assumed you would validate, I reported because #8321 is semver-major, and this bug exists all the way back to 0.12, so across every LTS release, so some sub-set of #8321 will need to be backported.

@sam-github
Copy link
Contributor Author

@cjihrig did I do right to label it with the node versions it effects? Is that the trigger for the fix to be backported?

@cjihrig
Copy link
Contributor

cjihrig commented Nov 21, 2016

I think so, but I think backports are more driven by the labels on the PRs (lts-watch-*, dont-land-on-*).

It would great if what each label meant could be documented somewhere (preferably by GitHub). They are usually self explanatory, but we're up to 100 of them.

@sam-github
Copy link
Contributor Author

@thealphanerd or @nodejs/lts - I think the LTS process needs some docs. I may have over or under labelled, not sure!

@MylesBorins
Copy link
Contributor

@sam-github the watch labels are for prs that need to be audited / backported. I'll work on something this week for the collaborator guide

@sam-github
Copy link
Contributor Author

@thealphanerd ok, took the watch labels off, just left the version labels on, those are the versions the bug is in

@bnoordhuis
Copy link
Member

I don't think #8312 (comment) is a libuv bug. It looks like node.js is trying to close an uninitialized handle, presumably a uv_process_t handle.

cjihrig added a commit to cjihrig/node that referenced this issue Dec 25, 2016
This commit verifies that the child process handle is of the
correct type before trying to close it in
CloseHandlesAndDeleteLoop(). This catches the case where input
validation failed, and the child process was never actually
spawned.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
cjihrig added a commit to cjihrig/node that referenced this issue Dec 25, 2016
This commit applies stricter input validation in
normalizeSpawnArguments(), which is run by all of the
child_process methods. Additional checks are added for spawnSync()
specific inputs.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
cjihrig added a commit to cjihrig/node that referenced this issue Dec 25, 2016
This commit removes C++ checks from spawn() and spawnSync()
that are duplicates of the JavaScript type checking.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
@jasnell
Copy link
Member

jasnell commented Dec 29, 2016

Pulling the v0.12 labels off this given that support for v0.12 is coming to an end in two days and there will not be any further updates to v0.12

@jasnell jasnell removed the v0.12 label Dec 29, 2016
italoacasas pushed a commit to italoacasas/node that referenced this issue Jan 18, 2017
This commit verifies that the child process handle is of the
correct type before trying to close it in
CloseHandlesAndDeleteLoop(). This catches the case where input
validation failed, and the child process was never actually
spawned.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
italoacasas pushed a commit to italoacasas/node that referenced this issue Jan 18, 2017
This commit applies stricter input validation in
normalizeSpawnArguments(), which is run by all of the
child_process methods. Additional checks are added for spawnSync()
specific inputs.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
italoacasas pushed a commit to italoacasas/node that referenced this issue Jan 18, 2017
This commit removes C++ checks from spawn() and spawnSync()
that are duplicates of the JavaScript type checking.

Fixes: nodejs#8096
Fixes: nodejs#8539
Refs: nodejs#9722
PR-URL: nodejs#8312
Reviewed-By: Ben Noordhuis <[email protected]>
@targos
Copy link
Member

targos commented Jan 29, 2017

This was fixed in #8312 but it is semver-major.

@davisjam
Copy link
Contributor

davisjam commented Feb 3, 2017

For what it's worth, the opts object is picky about other fields as well. For example, when I supply a timeout as a String instead of a Number I also encounter this crash.

#8312 also fixes the timeout String vs. Number problem.

@TimothyGu
Copy link
Member

Is there anything more we can do about this? The PR did land on master already but I don't think it can be backported due to semver-major.

@cjihrig cjihrig removed the libuv Issues and PRs related to the libuv dependency or the uv binding. label May 17, 2017
@Trott
Copy link
Member

Trott commented Aug 13, 2017

This issue has been inactive for sufficiently long that it seems like perhaps it should be closed. Feel free to re-open (or leave a comment requesting that it be re-opened) if you disagree. I'm just tidying up and not acting on a super-strong opinion or anything like that.

@Trott Trott closed this as completed Aug 13, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
child_process Issues and PRs related to the child_process subsystem. confirmed-bug Issues with confirmed bugs.
Projects
None yet
Development

No branches or pull requests

9 participants