src: fix UB in InternalModuleReadFile() #16871
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nodejs-github-bot
added
c++
cjihrig
approved these changes
Nov 7, 2017
addaleax
approved these changes
Nov 7, 2017
jasnell
reviewed
Nov 8, 2017
test/parallel/test-module-binding.js
Outdated
|
|
||
| strictEqual(internalModuleReadFile('nosuchfile'), undefined); | ||
| strictEqual(internalModuleReadFile(fixturesDir + '/empty.txt'), ''); | ||
| strictEqual(internalModuleReadFile(fixturesDir + '/empty-with-bom.txt'), ''); |
There was a problem hiding this comment.
unblocking nit: for consistency...
const fixtures = require('../common/fixtures');
/* ... */
strictEqual(internalModuleReadFile(fixtures.path('empty-with-bom.txt'));
jasnell
approved these changes
Nov 8, 2017
fhinkel
approved these changes
Nov 9, 2017
bnoordhuis
force-pushed
the
fix-module-ub
branch
from
2edbadf
to
72e23a4
Compare
|
Updated test. New CI: https://ci.nodejs.org/job/node-test-pull-request/11322/ |
bnoordhuis
force-pushed
the
fix-module-ub
branch
from
72e23a4
to
f823d38
Compare
evanlucas
pushed a commit
that referenced
this pull request
Nov 13, 2017
`&vec[0]` is undefined behavior when `vec.size() == 0`. It is mostly academic because package.json files are not usually empty and because with most STL implementations it decays to something that is legal C++ as long as the result is not dereferenced, but better safe than sorry. Note that the tests don't actually fail because of that, I added them as sanity checks. PR-URL: #16871 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Merged
|
Should this land on v8.x or v6.x? It lands cleanly on 8.x, but will require a backport for v6.x |
|
@MylesBorins it’s not worth the trouble of backporting I’d say (not that I’d want to stop @bnoordhuis from doing that), but if it lands cleanly it should probably go into v8.x |
gibfahn
pushed a commit
that referenced
this pull request
Dec 13, 2017
`&vec[0]` is undefined behavior when `vec.size() == 0`. It is mostly academic because package.json files are not usually empty and because with most STL implementations it decays to something that is legal C++ as long as the result is not dereferenced, but better safe than sorry. Note that the tests don't actually fail because of that, I added them as sanity checks. PR-URL: #16871 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
&vec[0]is undefined behavior whenvec.size() == 0.It is mostly academic because package.json files are not usually empty
and because with most STL implementations it decays to something that
is legal C++ as long as the result is not dereferenced, but better safe
than sorry.
Note that the tests don't actually fail because of that, I added them
as sanity checks.
Split off from #15767 where it already had a couple of LGTMs.
CI: https://ci.nodejs.org/job/node-test-pull-request/11283/