'buffer.Buffer.prototype.lastIndexOf' results in an abort #32753

zyscoder · 2020-04-10T04:03:17Z

Version: v12.16.0
Platform: Linux vul337 4.15.0-91-generic new design of error handling #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Subsystem: buffer

What steps will reproduce the bug?

Directly run the following code snippet using node:

let buffer = require('buffer');
new buffer.Buffer.prototype.lastIndexOf(1, 'str');

It is worth noting that the following code would not cause this abort:

new  require('buffer').Buffer.prototype.lastIndexOf(1, 'str');

Thus we doubt there may be something wrong in somewhere.

How often does it reproduce? Is there a required condition?

No. This potential bug can always be reproduced.

What is the expected behavior?

This is a misuse of 'buffer.Buffer.prototype.lastIndexOf'. The function should throw an exception or other similar error-reporting stuff rather than crash the whole nodejs process.

What do you see instead?

This is the stack dump produced during abort:

./node[40968]: ../src/node_buffer.cc:1014:void node::Buffer::(anonymous namespace)::IndexOfNumber(const FunctionCallbackInfo<v8::Value> &): Assertion `args[2]->IsNumber()' failed.
 1: 0x13f9b30 node::Abort() [./node]
 2: 0x13f9709  [./node]
 3: 0x13b765e  [./node]
 4: 0x17b379c v8::internal::FunctionCallbackArguments::Call(v8::internal::CallHandlerInfo) [./node]
 5: 0x17b23d5  [./node]
 6: 0x17b1092  [./node]
 7: 0x2717a59  [./node]
[2]    40968 abort      ./node

Additional information

The text was updated successfully, but these errors were encountered:

Add a type check in bidirectionalIndexOf to avoid using something else as Buffer. This may happen if e.g. lastIndexOf is called with invalid this. PR-URL: #32770 Fixes: #32753 Fixes: #32747 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>

Add a type check in bidirectionalIndexOf to avoid using something else as Buffer. This may happen if e.g. lastIndexOf is called with invalid this. PR-URL: nodejs#32770 Fixes: nodejs#32753 Fixes: nodejs#32747 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>

Add a type check in bidirectionalIndexOf to avoid using something else as Buffer. This may happen if e.g. lastIndexOf is called with invalid this. PR-URL: #32770 Fixes: #32753 Fixes: #32747 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>

bnoordhuis added buffer Issues and PRs related to the buffer subsystem. confirmed-bug Issues with confirmed bugs. labels Apr 10, 2020

Flarna mentioned this issue Apr 10, 2020

buffer: add type check in bidirectionalIndexOf #32770

Closed

Flarna closed this as completed in aa34465 Apr 13, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

'buffer.Buffer.prototype.lastIndexOf' results in an abort #32753

'buffer.Buffer.prototype.lastIndexOf' results in an abort #32753

zyscoder commented Apr 10, 2020

'buffer.Buffer.prototype.lastIndexOf' results in an abort #32753

'buffer.Buffer.prototype.lastIndexOf' results in an abort #32753

Comments

zyscoder commented Apr 10, 2020

What steps will reproduce the bug?

How often does it reproduce? Is there a required condition?

What is the expected behavior?

What do you see instead?

Additional information