Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

fs.readSync(0, new Buffer(0), 0, 0, 0) throws Error: Offset is out of bounds #5685

Open
eahutchins opened this Issue · 10 comments

5 participants

@eahutchins

Reading 0 bytes into a 0 sized buffer should be a no-op to make it more like read(2):

If count is zero, read() returns zero and has no other results.

@eahutchins

fs.readSync(0, new Buffer(1), 0, 0, 0) fails with Error: ESPIPE, invalid seek on stdin, but a real empty file works and returns 0.

@glasser

Just hit this issue as well.

@glasser

Some notes: fs.read has the same issue. fs.write and fs.writeSync explicitly check for length 0 and do an early return.

http://pubs.opengroup.org/onlinepubs/9699919799/functions/read.html is the POSIX read spec.

@isaacs isaacs referenced this issue from a commit
Commit has since been removed from the repository and is no longer available.
@isaacs isaacs referenced this issue from a commit in isaacs/node
@isaacs isaacs fs: no-op on 0 byte read() calls e52c590
@isaacs
Owner

Working as intended. Please see discussion in #5888.

@isaacs isaacs closed this
@isaacs
Owner

Ah, ok, so the issue in the OP is still an issue, though.

@isaacs isaacs reopened this
@glasser

Yeah, so:

  • If we want to support being able to get errors out of read(0), then we can implement that (but you currently can't do that). When I first looked at the code in node_file.cc, I thought that you could just remove the (off >= buffer_length) check (and rely purely on the (off + len > buffer_length) check). But that might run into integer overflow issues, and admittedly the error message is better. Perhaps just change the check to (off > buffer_length)? The idea here would be, it's OK for the block we're trying to read to start anywhere in the buffer, including at the end.

  • If we don't want to support that, then the length > 0 check in read is fine.

@trevnorris
Owner
@glasser

That sounds right to me, but I just try not to make assertions about safety in the face of overflow without thinking very carefully :)

@vStone vStone referenced this issue in rlidwka/sinopia-htpasswd
Closed

Offset is out of bounds with an empty htpasswd file #2

@jasnell
Owner

@trevnorris ... any further thoughts on this one?

@trevnorris
Owner

@jasnell If it hasn't been fixed yet then should be easy to do. Just need to change the range checks, and return early if the operation is a noop.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.