src: fix array overrun in node::url::SetArgs() #46541

tniessen · 2023-02-07T12:17:46Z

Refs: #46410

Refs: nodejs#46410

github-actions · 2023-02-07T12:18:00Z

Fast-track has been requested by @tniessen. Please 👍 to approve.

nodejs-github-bot · 2023-02-07T13:35:56Z

CI: https://ci.nodejs.org/job/node-test-pull-request/49466/

bnoordhuis · 2023-02-07T13:54:32Z

src/node_url.cc

@@ -47,7 +47,7 @@ enum url_update_action {
  kHref = 9,
 };

-void SetArgs(Environment* env, Local<Value> argv[12], const ada::result& url) {
+void SetArgs(Environment* env, Local<Value> argv[13], const ada::result& url) {


Array arguments decay to pointers so this, in the abstract, doesn't fix anything. You could change it to:

Suggested change

void SetArgs(Environment* env, Local<Value> argv[13], const ada::result& url) {

void SetArgs(Environment* env, Local<Value> (*argv)[13], const ada::result& url) {

That forces callers to pass a 13-element array by address, i.e.:

Local<Value> argv[13]; SetArgs(env, &argv, url);

You'll need to update all the assignments from argv[0] to (*argv)[0].

For education purposes: How did the code work before this change?

It wrote past the end. Array arguments aren't length-checked; to the compiler int x[42] equals int x[] equals int *x.

anonrig · 2023-02-07T20:36:34Z

cc @nodejs/url

tniessen · 2023-03-02T12:01:16Z

Seems like #46736 implicitly overwrote this.

TimothyGu · 2023-03-07T19:30:10Z

I believe @bnoordhuis's comment above is still relevant though. @anonrig is there any chance you could pick it up in a future PR?

anonrig · 2023-03-07T19:31:16Z

I believe @bnoordhuis's comment above is still relevant though. @anonrig is there any chance you could pick it up in a future PR?

I agree. I'll open a PR. Thanks for the mention.

src: fix array overrun in node::url::SetArgs()

c405efd

Refs: nodejs#46410

tniessen added whatwg-url Issues and PRs related to the WHATWG URL implementation. fast-track PRs that do not need to wait for 48 hours to land. labels Feb 7, 2023

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Feb 7, 2023

tniessen added the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023

github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Feb 7, 2023

bnoordhuis reviewed Feb 7, 2023

View reviewed changes

TimothyGu mentioned this pull request Feb 9, 2023

url: fix url spec compliance issues #46547

Closed

panva removed the fast-track PRs that do not need to wait for 48 hours to land. label Feb 23, 2023

tniessen closed this Mar 2, 2023

anonrig mentioned this pull request Mar 7, 2023

url: fix array overrun in node:url::SetArgs() #47001

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

src: fix array overrun in node::url::SetArgs() #46541

src: fix array overrun in node::url::SetArgs() #46541

tniessen commented Feb 7, 2023

github-actions bot commented Feb 7, 2023

nodejs-github-bot commented Feb 7, 2023

bnoordhuis Feb 7, 2023

anonrig Feb 7, 2023

bnoordhuis Feb 8, 2023

anonrig commented Feb 7, 2023

tniessen commented Mar 2, 2023

TimothyGu commented Mar 7, 2023

anonrig commented Mar 7, 2023

	void SetArgs(Environment* env, Local<Value> argv[13], const ada::result& url) {
	void SetArgs(Environment* env, Local<Value> (*argv)[13], const ada::result& url) {

src: fix array overrun in node::url::SetArgs() #46541

src: fix array overrun in node::url::SetArgs() #46541

Conversation

tniessen commented Feb 7, 2023

github-actions bot commented Feb 7, 2023

nodejs-github-bot commented Feb 7, 2023

bnoordhuis Feb 7, 2023

Choose a reason for hiding this comment

anonrig Feb 7, 2023

Choose a reason for hiding this comment

bnoordhuis Feb 8, 2023

Choose a reason for hiding this comment

anonrig commented Feb 7, 2023

tniessen commented Mar 2, 2023

TimothyGu commented Mar 7, 2023

anonrig commented Mar 7, 2023