Process.title gets corrupted in case process.argv[2] is too long #31631
Labels
process
Issues and PRs related to the process subsystem.
Comments
|
I can't reproduce exactly what you're describing but I can reproduce something: Note that the length of the four arguments are 512 and 513 respectively when you account for trailing nul bytes. Coincidence? I don't think so! |
|
Okay, found it: node/src/node_process_object.cc Lines 35 to 36 in 60de60a Node.js passes a fixed-size buffer to libuv and neglects to check the return value. Fix on the way. |
|
@bnoordhuis node --eval 'console.log(process.title); console.log(process.title)' `base64 /dev/urandom | head -c 700`and neither does the following: node --eval 'function test() {console.log(process.title); console.log(process.title)} test()' `base64 /dev/urandom | head -c 700`it is only with a file that I manage to reproduce it and only if the file contains a function execution. Meaning if I have: console.log(process.title);
console.log(process.title);And then execute node test.js `base64 /dev/urandom | head -c 700`I do not reproduce the issue. Only with const printTitle = () => {
console.log(`Process title ${process.title}`);
};
printTitle();
printTitle();and then executing: node test.js `base64 /dev/urandom | head -c 700`Only then do I get some memory chunks inside |
bnoordhuis
added a commit
to bnoordhuis/io.js
that referenced
this issue
Feb 4, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: nodejs#31631
addaleax
pushed a commit
that referenced
this issue
Feb 7, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Feb 17, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Feb 17, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 15, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 15, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 17, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 17, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 30, 2020
The getter passed a stack-allocated, fixed-size buffer to uv_get_process_title() but neglected to check the return value. When the total length of the command line arguments exceeds the size of the buffer, libuv returns UV_ENOBUFS and doesn't modify the contents of the buffer. The getter then proceeded to return whatever garbage was on the stack at the time of the call, quite possibly reading beyond the end of the buffer. Add a GetProcessTitle() helper that reads the process title into a dynamically allocated buffer that is resized when necessary. Fixes: #31631 PR-URL: #31633 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
codebytere
pushed a commit
that referenced
this issue
Mar 30, 2020
Remove the version of GetHumanReadableProcessName() that operates on a fixed-size buffer. The only remaining caller is Assert() which might get called in contexts where dynamically allocating memory isn't possible but as Assert() calls printf(), which also allocates memory when necessary, this commit is unlikely to make matters much worse. PR-URL: #31633 Fixes: #31631 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: David Carlier <devnexen@gmail.com> Reviewed-By: Rich Trott <rtrott@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Please see the script below:
I am executing this script in the terminal with
node script-name.jsThe output is as follows:
It appears that
process.title(and onlyprocess.titleas far as I can tell) gets corrupted in caseprovess,argv[2]is of substantial length. Note that each time the second print ofprocess.titleyields a different result.I have read the docs regarding
process.titleand as far as I can tell there is only an issue with assigning a large string toprocess.title.The text was updated successfully, but these errors were encountered: