worker: fix nullptr deref after MessagePort deser failure #25076

Closed
wants to merge 1 commit into
base: master
from

7 participants
@addaleax
Member

addaleax commented Dec 16, 2018

This would previously always have crashed when deserializing
a MessagePort fails, because there was always at least one
nullptr entry in the vector.

(Caught by @gireeshpunathil in #25061)

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
worker: fix nullptr deref after MessagePort deser failure
This would previously always have crashed when deserializing
a `MessagePort` fails, because there was always at least one
`nullptr` entry in the vector.

@addaleax addaleax added the worker label Dec 16, 2018

@@ -90,7 +90,8 @@ MaybeLocal<Value> Message::Deserialize(Environment* env,
if (ports[i] == nullptr) {
for (MessagePort* port : ports) {
// This will eventually release the MessagePort object itself.
port->Close();
if (port != nullptr)
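
Review bot: The null guard at `if (port != nullptr)` sits inside the branch taken when `ports[i] == nullptr`, so the loop over all of `ports` is guaranteed to meet at least one null entry, yet nothing in the code says so. A one-line comment above the guard stating that slots in `ports` may still be unfilled at this point would keep a later cleanup from dropping the check. Bounding the loop to indices below `i` would also avoid the dereference, provided earlier slots are always populated, which these lines do not show.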

@richardlau

richardlau Dec 16, 2018

Member

Does the enclosing for loop need to loop through all ports or just up to (but not including since ports[i] == nullptr) i?

@addaleax

addaleax Dec 16, 2018

Member

@richardlau Yes, I think that should work too … should we optimize here? This effectively only occurs during .terminate(), and I don’t think it’s a typical case to pass more than one MessagePort per Message anyway?

@richardlau

richardlau Dec 16, 2018

Member

¯\_(ツ)_/¯ I'll leave it to your judgement.
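
The cleanup pattern discussed in this review thread, as an added C++ example that is not part of the pull request or of Node.js: `Port`, `DeserializePorts` and its parameters are hypothetical stand-ins. It models a vector filled slot by slot that fails at one index, and compares the null-guarded loop with the loop bounded at `i`.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical stand-in for MessagePort: records whether Close() was called.
struct Port {
  bool closed = false;
  void Close() { closed = true; }
};

// Constructed model of the failure path. Slots are filled in order and slot
// `fail_at` fails, so ports[fail_at] and every later slot remain nullptr.
// Returns the number of ports closed during cleanup, or -1 if nothing failed.
int DeserializePorts(std::vector<std::unique_ptr<Port>>& storage,
                     std::size_t count, std::size_t fail_at, bool bounded) {
  std::vector<Port*> ports(count);  // value-initialized: every slot is nullptr
  for (std::size_t i = 0; i < count; ++i) {
    if (i != fail_at) {
      storage.push_back(std::make_unique<Port>());
      ports[i] = storage.back().get();
    }
    if (ports[i] == nullptr) {
      // Cleanup only runs when ports[i] is null, so an unguarded
      // `port->Close()` over all of `ports` always dereferences nullptr here.
      int closed = 0;
      if (bounded) {
        // Variant raised in review: only indices below i can be populated.
        for (std::size_t j = 0; j < i; ++j) { ports[j]->Close(); ++closed; }
      } else {
        // Variant with the null guard: visit every slot, skip empty ones.
        for (Port* port : ports) {
          if (port != nullptr) { port->Close(); ++closed; }
        }
      }
      return closed;
    }
  }
  return -1;
}

int main() {
  std::vector<std::unique_ptr<Port>> guarded, bounded;
  std::printf("guarded loop closed %d ports\n", DeserializePorts(guarded, 4, 2, false));
  std::printf("bounded loop closed %d ports\n", DeserializePorts(bounded, 4, 2, true));
  return 0;
}
```

Both variants close the same set of ports in this model because slots are filled strictly in order; the guard is the safer choice if that ordering is not guaranteed.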

@Trott

Member

Trott commented Dec 17, 2018

@Trott Trott added the author ready label Dec 17, 2018

@danbev

Member

danbev commented Dec 19, 2018

Landed in e1ab457.

@danbev danbev closed this Dec 19, 2018

danbev added a commit that referenced this pull request Dec 19, 2018

worker: fix nullptr deref after MessagePort deser failure
This would previously always have crashed when deserializing
a `MessagePort` fails, because there was always at least one
`nullptr` entry in the vector.

PR-URL: #25076
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>

@addaleax addaleax deleted the addaleax:messageport-deserialize-nullptr branch Dec 19, 2018

MylesBorins added a commit that referenced this pull request Dec 25, 2018

@MylesBorins MylesBorins referenced this pull request Dec 25, 2018

Merged

v11.6.0 proposal #25175

refack added a commit to refack/node that referenced this pull request Jan 14, 2019
