Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Add test for #2438

Unfortunately valgrind must be used to see the bad read. It would be nice if
we could improve this test to cause a segfault.
  • Loading branch information...
commit 432a2e4d397908965cfbdc44eb8a10c7fb840701 1 parent 3f5bb15
@ry ry authored
Showing with 72 additions and 0 deletions.
  1. +72 −0 test/simple/test-http-parser-bad-ref.js
View
72 test/simple/test-http-parser-bad-ref.js
@@ -0,0 +1,72 @@
+// Run this program with valgrind or efence with --expose_gc to expose the
+// problem.
+
+// Flags: --expose_gc
+
+var assert = require('assert');
+var HTTPParser = process.binding('http_parser').HTTPParser;
+
+var headersComplete = 0;
+var messagesComplete = 0;
+
+function flushPool() {
+ new Buffer(Buffer.poolSize - 1);
+ gc();
+}
+
+function demoBug(part1, part2) {
+ var parser = new HTTPParser('REQUEST');
+
+ parser.headers = [];
+ parser.url = '';
+
+ parser.onHeaders = function(headers, url) {
+ parser.headers = parser.headers.concat(headers);
+ parser.url += url;
+ };
+
+ parser.onHeadersComplete = function(info) {
+ headersComplete++;
+ console.log("url", info.url);
+ };
+
+ parser.onBody = function(b, start, len) { };
+
+ parser.onMessageComplete = function() {
+ messagesComplete++;
+ };
+
+
+ // We use a function to eliminate references to the Buffer b
+ // We want b to be GCed. The parser will hold a bad reference to it.
+ (function() {
+ var b = Buffer(part1);
+ flushPool();
+
+ console.log("parse the first part of the message");
+ parser.execute(b, 0, b.length);
+ })();
+
+ flushPool();
+
+ (function() {
+ var b = Buffer(part2);
+
+ console.log("parse the second part of the message");
+ parser.execute(b, 0, b.length);
+ parser.finish();
+ })();
+}
+
+
+demoBug('POST /1', '/22 HTTP/1.1\r\n' +
+ 'Content-Type: text/plain\r\n' +
+ 'Content-Length: 4\r\n\r\n' +
+ 'pong');
+
+
+process.on('exit', function() {
+ assert.equal(1, headersComplete);
+ assert.equal(1, messagesComplete);
+ console.log("done!");
+});
Please sign in to comment.
Something went wrong with that request. Please try again.