src: avoid OOB read in URL parser #33640

Closed
wants to merge 2 commits into from

addaleax

This is not a big concern, because right now, all (non-test) inputs
to the parser are '\0'-terminated, but we should be future-proof
here and not perform these OOB reads.

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
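
An added illustration, not code from this pull request or from Node.js: a lookahead that only gives the right answer when the input is `'\0'`-terminated, next to a bounded version, run on a pointer-plus-length input that is not terminated. All function names and the sample buffer are constructed for this example.

```cpp
#include <cstddef>
#include <cstdio>

// Constructed sample: the logical input is only the first 6 bytes ("http:/").
// The bytes after it sit in the same array but are not part of the input.
static const char kBacking[] = "http://internal";
static const std::size_t kLogicalLen = 6;

// Lookahead that is only correct if *end is '\0': when p + 1 == end,
// p[1] reads one byte past the range the caller handed over.
bool has_double_slash_terminated_only(const char* p, const char* end) {
  return p < end && p[0] == '/' && p[1] == '/';
}

// Bounded lookahead: the remaining length is checked before any read.
bool has_double_slash_bounded(const char* p, const char* end) {
  return end - p >= 2 && p[0] == '/' && p[1] == '/';
}

// Returns the offset just past "scheme:", or len if there is no ':'.
std::size_t skip_scheme(const char* input, std::size_t len) {
  for (std::size_t i = 0; i < len; ++i)
    if (input[i] == ':') return i + 1;
  return len;
}

// Hypothetical parser step: does "//" (an authority) follow the scheme?
bool parse_sees_authority(const char* input, std::size_t len, bool bounded) {
  const char* end = input + len;
  const char* p = input + skip_scheme(input, len);
  return bounded ? has_double_slash_bounded(p, end)
                 : has_double_slash_terminated_only(p, end);
}

int main() {
  // The unbounded variant is influenced by a byte outside the input range.
  std::printf("terminated-only: %d\n",
              (int)parse_sees_authority(kBacking, kLogicalLen, false));
  std::printf("bounded:         %d\n",
              (int)parse_sees_authority(kBacking, kLogicalLen, true));
  return 0;
}
```

The out-of-range byte here is deliberately inside the same array so the read is well-defined and the wrong result is observable; with a buffer that ends at an allocation boundary the same read is undefined behaviour, which AddressSanitizer reports.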

@nodejs-github-bot nodejs-github-bot added the c++ Issues and PRs that require attention from people who are familiar with C++. label May 29, 2020
@addaleax addaleax added the whatwg-url Issues and PRs related to the WHATWG URL implementation. label May 29, 2020
@BridgeAR BridgeAR added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label May 30, 2020
@jasnell jasnell added the fast-track PRs that do not need to wait for 48 hours to land. label May 30, 2020
jasnell commented May 30, 2020

Passing CI, plenty of sign-off, no reason for this to sit for long. Fast track?

jasnell pushed a commit that referenced this pull request May 30, 2020
This is not a big concern, because right now, all (non-test) inputs
to the parser are `'\0'`-terminated, but we should be future-proof
here and not perform these OOB reads.

PR-URL: #33640
Reviewed-By: Sam Roberts <vieuxtech@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
jasnell commented May 30, 2020

Landed in 3f32126

@jasnell jasnell closed this May 30, 2020
codebytere pushed a commit that referenced this pull request Jun 18, 2020
@codebytere codebytere mentioned this pull request Jun 28, 2020
codebytere pushed a commit that referenced this pull request Jun 30, 2020
codebytere pushed a commit that referenced this pull request Jul 9, 2020
@codebytere codebytere mentioned this pull request Jul 13, 2020
8 participants