Skip to content

Commit

Permalink
src: fix double free reported by coverity
Browse files Browse the repository at this point in the history
Fix double free reported by coverity. ToBufferEndian()
in node_i18n.cc was the only caller of Buffer::New() passing
in a MaybeStackBuffer. Coverity reported a double free
because there were paths in which the src buffer would
be deleted by both the destruction of the MaybeStackBuffer and
by the Buffer which was done even in failure cases for
Buffer::New().

Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: #51046
Reviewed-By: James M Snell <jasnell@gmail.com>
  • Loading branch information
mhdawson committed Dec 11, 2023
1 parent 6e90fed commit 9e87091
Showing 1 changed file with 5 additions and 8 deletions.
13 changes: 5 additions & 8 deletions src/node_internals.h
Original file line number Diff line number Diff line change
Expand Up @@ -192,16 +192,13 @@ static v8::MaybeLocal<v8::Object> New(Environment* env,
char* src = reinterpret_cast<char*>(buf->out());
const size_t len_in_bytes = buf->length() * sizeof(buf->out()[0]);

if (buf->IsAllocated())
if (buf->IsAllocated()) {
ret = New(env, src, len_in_bytes);
else if (!buf->IsInvalidated())
ret = Copy(env, src, len_in_bytes);

if (ret.IsEmpty())
return ret;

if (buf->IsAllocated())
// new always takes ownership of src
buf->Release();
} else if (!buf->IsInvalidated()) {
ret = Copy(env, src, len_in_bytes);
}

return ret;
}
Expand Down

0 comments on commit 9e87091

Please sign in to comment.