-
Notifications
You must be signed in to change notification settings - Fork 29.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
URLHost not robust when re-setting its value #18302
Comments
I’m just going to mention again that I’d prefer something like a (That being said, I’d consider this worthy of being a good first issue if somebody wants to do some C++ stuff?) |
I've marked this as a good first issue and mentor available. I'm happy to assist anyone that wants to take this on, it should be a very simple change. If anyone's considering this: all that's required is to make a private |
@apapirovski Alright, I`ll do this one then :) |
Fixes: nodejs#18302 PR-URL: nodejs#18357 Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Fixes: #18302 Backport-PR-URL: #19639 PR-URL: #18357 Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Fixes: nodejs#18302 PR-URL: nodejs#18357 Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com> Reviewed-By: Anatoli Papirovski <apapirovski@mac.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Tobias Nießen <tniessen@tnie.de>
Currently, the
SetOpaque()
andSetDomain()
methods ofURLHost
class innode_url.cc
always overwrite the existing string invalue_
without disposing of the original value in that union.node/src/node_url.cc
Lines 95 to 112 in a3555d0
This could cause a memory leak when these two methods are used on an instance of the class on which one of these two methods has already been called.
Right now that never happens because of the way the URL parsing state machine is designed, but ideally these two methods should first call
this->~URLHost()
to free any memory already allocated before reinitializing thevalue
through thenew
placement.The text was updated successfully, but these errors were encountered: