invalid floating point uid or gid for spawn/execSync causes uv to assert and abort node #9722
Comments
See #8312 (comment), /to @saghul not sure if this is a uv bug, or node not checking for bad input before calling uv.
I'll take care of the validation in Node in #8312. It might be good for libuv to return
@cjihrig did I do right to label it with the node versions it affects? Is that the trigger for the fix to be backported?
I think so, but I think backports are more driven by the labels on the PRs (lts-watch-*, dont-land-on-*). It would be great if what each label meant could be documented somewhere (preferably by GitHub). They are usually self-explanatory, but we're up to 100 of them.
@thealphanerd or @nodejs/lts - I think the LTS process needs some docs. I may have over or under labelled, not sure!
@sam-github the watch labels are for PRs that need to be audited / backported. I'll work on something this week for the collaborator guide
@thealphanerd ok, took the watch labels off, just left the version labels on, those are the versions the bug is in
I don't think #8312 (comment) is a libuv bug. It looks like node.js is trying to close an uninitialized handle, presumably a
This commit verifies that the child process handle is of the correct type before trying to close it in CloseHandlesAndDeleteLoop(). This catches the case where input validation failed, and the child process was never actually spawned. Fixes: nodejs#8096 Fixes: nodejs#8539 Refs: nodejs#9722 PR-URL: nodejs#8312 Reviewed-By: Ben Noordhuis <[email protected]>
This commit applies stricter input validation in normalizeSpawnArguments(), which is run by all of the child_process methods. Additional checks are added for spawnSync() specific inputs. Fixes: nodejs#8096 Fixes: nodejs#8539 Refs: nodejs#9722 PR-URL: nodejs#8312 Reviewed-By: Ben Noordhuis <[email protected]>
This commit removes C++ checks from spawn() and spawnSync() that are duplicates of the JavaScript type checking. Fixes: nodejs#8096 Fixes: nodejs#8539 Refs: nodejs#9722 PR-URL: nodejs#8312 Reviewed-By: Ben Noordhuis <[email protected]>
Pulling the v0.12 labels off this given that support for v0.12 is coming to an end in two days and there will not be any further updates to v0.12.
This was fixed in #8312 but it is semver-major.
For what it's worth, the opts object is picky about other fields as well. For example, when I supply a timeout as a String instead of a Number I also encounter this crash. #8312 also fixes the timeout String vs. Number problem.
Is there anything more we can do about this? The PR did land on master already but I don't think it can be backported due to semver-major.
This issue has been inactive for sufficiently long that it seems like perhaps it should be closed. Feel free to re-open (or leave a comment requesting that it be re-opened) if you disagree. I'm just tidying up and not acting on a super-strong opinion or anything like that.
Also
EDIT: git aborts, too
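For release lines that do not carry the #8312 validation, a caller-side guard can reject the inputs reported in this thread (a floating-point uid or gid, a String timeout) before they reach child_process. This is an added example, not code from Node.js or from the PR; `checkSpawnOptions` and `guardSpawn` are hypothetical names, and the int32 and non-negative-integer rules are this example's assumptions rather than a copy of Node's checks.

```javascript
'use strict';

// Added example, not Node's own code. All names below are hypothetical.
const INT32_MIN = -2147483648;
const INT32_MAX = 2147483647;

function isInt32(v) {
  // Number.isInteger is false for strings, NaN, Infinity and fractions.
  return Number.isInteger(v) && v >= INT32_MIN && v <= INT32_MAX;
}

// Throws TypeError for the option shapes reported in this issue:
// a floating-point uid/gid, or a timeout that is not a Number.
// Assumption: uid/gid must fit in int32, timeout must be an integer >= 0.
function checkSpawnOptions(opts) {
  if (opts === undefined || opts === null) return {};
  if (typeof opts !== 'object') {
    throw new TypeError('options must be an object');
  }
  ['uid', 'gid'].forEach(function (key) {
    const v = opts[key];
    if (v !== undefined && v !== null && !isInt32(v)) {
      throw new TypeError('options.' + key + ' must be an int32 integer');
    }
  });
  const t = opts.timeout;
  if (t !== undefined && t !== null && !(Number.isInteger(t) && t >= 0)) {
    throw new TypeError('options.timeout must be a non-negative integer');
  }
  return opts;
}

// Wrap a child_process-style function called as (cmd, args, opts) so the
// options are validated before the real call is made, for example:
//   const spawnSync = guardSpawn(require('child_process').spawnSync);
// A bad value then surfaces as a catchable TypeError in the caller.
function guardSpawn(spawnFn) {
  return function guarded(cmd, args, opts) {
    return spawnFn(cmd, args, checkSpawnOptions(opts));
  };
}
```

The wrapper only handles the three-argument call form; callers that pass options as the second argument need to normalize their arguments first.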