zlib: fix assert fail for bad write in object mode #16960
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add4b0a introduced a regression from Node 8 to Node 9 by removing the `ArrayBuffer.isView(chunk)` check in `Zlib.prototype._transform` without properly forcing `opts.objectMode` to `false` in the constructor because the change to `opts` occurs after `opts` has been passed to the `Transform` constructor. This commit fixes the issue by moving the call to `Transform` after the changes to `opts`. The regression can be demonstrated by running node -e 'require("zlib").Gunzip({objectMode: true}).write({})' On Node 8 this correctly throws a `TypeError`: events.js:183 throw er; // Unhandled 'error' event ^ TypeError: invalid input at Gunzip._transform (zlib.js:367:15) at Gunzip.Transform._read (_stream_transform.js:186:10) at Gunzip.Transform._write (_stream_transform.js:174:12) at doWrite (_stream_writable.js:387:12) at writeOrBuffer (_stream_writable.js:373:5) at Gunzip.Writable.write (_stream_writable.js:290:11) at [eval]:1:44 at ContextifyScript.Script.runInThisContext (vm.js:50:33) at Object.runInThisContext (vm.js:139:38) at Object.<anonymous> ([eval]-wrapper:6:22) On Node 9 this causes an assertion failure: node[21732]: ../src/node_zlib.cc:179:static void node::{anonymous}::ZCtx::Write(const v8::FunctionCallbackInfo<v8::Value>&) [with bool async = true]: Assertion `Buffer::HasInstance(args[1])' failed. 1: node::Abort() [node] 2: node::Assert(char const* const (*) [4]) [node] 3: 0x1250916 [node] 4: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [node] 5: 0xb7547c [node] 6: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [node] 7: 0x20c44b8842fd Aborted Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
addaleax
approved these changes
Nov 12, 2017
cjihrig
approved these changes
Nov 12, 2017
jasnell
approved these changes
Nov 12, 2017
lpinca
approved these changes
Nov 12, 2017
|
Landed in 662d803, thanks for the PR! 🎉 |
addaleax
pushed a commit
that referenced
this pull request
Nov 18, 2017
add4b0a introduced a regression from Node 8 to Node 9 by removing the `ArrayBuffer.isView(chunk)` check in `Zlib.prototype._transform` without properly forcing `opts.objectMode` to `false` in the constructor because the change to `opts` occurs after `opts` has been passed to the `Transform` constructor. This commit fixes the issue by moving the call to `Transform` after the changes to `opts`. The regression can be demonstrated by running node -e 'require("zlib").Gunzip({objectMode: true}).write({})' On Node 8 this correctly throws a `TypeError`: events.js:183 throw er; // Unhandled 'error' event ^ TypeError: invalid input at Gunzip._transform (zlib.js:367:15) at Gunzip.Transform._read (_stream_transform.js:186:10) at Gunzip.Transform._write (_stream_transform.js:174:12) at doWrite (_stream_writable.js:387:12) at writeOrBuffer (_stream_writable.js:373:5) at Gunzip.Writable.write (_stream_writable.js:290:11) at [eval]:1:44 at ContextifyScript.Script.runInThisContext (vm.js:50:33) at Object.runInThisContext (vm.js:139:38) at Object.<anonymous> ([eval]-wrapper:6:22) On Node 9 this causes an assertion failure: node[21732]: ../src/node_zlib.cc:179:static void node::{anonymous}::ZCtx::Write(const v8::FunctionCallbackInfo<v8::Value>&) [with bool async = true]: Assertion `Buffer::HasInstance(args[1])' failed. 1: node::Abort() [node] 2: node::Assert(char const* const (*) [4]) [node] 3: 0x1250916 [node] 4: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [node] 5: 0xb7547c [node] 6: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [node] 7: 0x20c44b8842fd Aborted Signed-off-by: Kevin Locke <kevin@kevinlocke.name> PR-URL: #16960 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
|
Great. Thank you for reviewing and landing it! |
kevinoid
added a commit
to kevinoid/inflate-auto
that referenced
this pull request
Nov 19, 2017
Calling .write with an invalid type in objectMode causes an assertion failure on Node.js v9 due to nodejs/node#16960. Skip this test on Node.js v9. (Note: May be able to selectively re-enable if the fix gets backported.) Fixes: #19 Signed-off-by: Kevin Locke <kevin@kevinlocke.name>
MylesBorins
pushed a commit
that referenced
this pull request
Dec 12, 2017
add4b0a introduced a regression from Node 8 to Node 9 by removing the `ArrayBuffer.isView(chunk)` check in `Zlib.prototype._transform` without properly forcing `opts.objectMode` to `false` in the constructor because the change to `opts` occurs after `opts` has been passed to the `Transform` constructor. This commit fixes the issue by moving the call to `Transform` after the changes to `opts`. The regression can be demonstrated by running node -e 'require("zlib").Gunzip({objectMode: true}).write({})' On Node 8 this correctly throws a `TypeError`: events.js:183 throw er; // Unhandled 'error' event ^ TypeError: invalid input at Gunzip._transform (zlib.js:367:15) at Gunzip.Transform._read (_stream_transform.js:186:10) at Gunzip.Transform._write (_stream_transform.js:174:12) at doWrite (_stream_writable.js:387:12) at writeOrBuffer (_stream_writable.js:373:5) at Gunzip.Writable.write (_stream_writable.js:290:11) at [eval]:1:44 at ContextifyScript.Script.runInThisContext (vm.js:50:33) at Object.runInThisContext (vm.js:139:38) at Object.<anonymous> ([eval]-wrapper:6:22) On Node 9 this causes an assertion failure: node[21732]: ../src/node_zlib.cc:179:static void node::{anonymous}::ZCtx::Write(const v8::FunctionCallbackInfo<v8::Value>&) [with bool async = true]: Assertion `Buffer::HasInstance(args[1])' failed. 1: node::Abort() [node] 2: node::Assert(char const* const (*) [4]) [node] 3: 0x1250916 [node] 4: v8::internal::FunctionCallbackArguments::Call(void (*)(v8::FunctionCallbackInfo<v8::Value> const&)) [node] 5: 0xb7547c [node] 6: v8::internal::Builtin_HandleApiCall(int, v8::internal::Object**, v8::internal::Isolate*) [node] 7: 0x20c44b8842fd Aborted Signed-off-by: Kevin Locke <kevin@kevinlocke.name> PR-URL: #16960 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
add4b0a introduced a regression from Node 8 to Node 9 by removing the
ArrayBuffer.isView(chunk)check inZlib.prototype._transformwithout properly forcingopts.objectModetofalsein the constructor because the change tooptsoccurs afteroptshas been passed to theTransformconstructor. This commit fixes the issue by moving the call toTransformafter the changes toopts.The regression can be demonstrated by running
On Node 8 this correctly throws a
TypeError:On Node 9 this causes a crash due to an assertion failure:
Checklist
make -j4 test(UNIX), orvcbuild test(Windows) passesAffected core subsystem(s)
zlib