Skip to content
Permalink
Browse files

util: fix inspection of errors with tampered name or stack property

This makes sure that `util.inspect()` does not throw while inspecting
errors that have the name or stack property set to a different type
than string.

Fixes: #30572

PR-URL: #30576
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
  • Loading branch information
BridgeAR authored and BethGriggs committed Nov 21, 2019
1 parent a83ccf8 commit d96c76507fc718caaf36979104c7b3288b33d44b
Showing with 32 additions and 3 deletions.
  1. +3 −3 lib/internal/util/inspect.js
  2. +29 −0 test/parallel/test-util-inspect.js
@@ -904,12 +904,12 @@ function getFunctionBase(value, constructor, tag) {
}

function formatError(err, constructor, tag, ctx) {
let stack = err.stack || ErrorPrototype.toString(err);
const name = err.name != null ? String(err.name) : 'Error';
let len = name.length;
let stack = err.stack ? String(err.stack) : ErrorPrototype.toString(err);

// A stack trace may contain arbitrary data. Only manipulate the output
// for "regular errors" (errors that "look normal") for now.
const name = err.name || 'Error';
let len = name.length;
if (constructor === null ||
(name.endsWith('Error') &&
stack.startsWith(name) &&
@@ -690,6 +690,35 @@ assert.strictEqual(util.inspect(-5e-324), '-5e-324');
);
}

// Tampered error stack or name property (different type than string).
// Note: Symbols are not supported by `Error#toString()` which is called by
// accessing the `stack` property.
[
[404, '404: foo', '[404]'],
[0, '0: foo', '[RangeError: foo]'],
[0n, '0: foo', '[RangeError: foo]'],
[null, 'null: foo', '[RangeError: foo]'],
[undefined, 'RangeError: foo', '[RangeError: foo]'],
[false, 'false: foo', '[RangeError: foo]'],
['', 'foo', '[RangeError: foo]'],
[[1, 2, 3], '1,2,3: foo', '[1,2,3]'],
].forEach(([value, outputStart, stack]) => {
let err = new RangeError('foo');
err.name = value;
assert(
util.inspect(err).startsWith(outputStart),
util.format(
'The name set to %o did not result in the expected output "%s"',
value,
outputStart
)
);

err = new RangeError('foo');
err.stack = value;
assert.strictEqual(util.inspect(err), stack);
});

// https://github.com/nodejs/node-v0.x-archive/issues/1941
assert.strictEqual(util.inspect(Object.create(Date.prototype)), 'Date {}');

0 comments on commit d96c765

Please sign in to comment.
You can’t perform that action at this time.