child_process: validate fork/execFile arguments #7399

Closed
wants to merge 3 commits into
base: master
from

5 participants
@Trott
Member

Trott commented Jun 24, 2016

Checklist
  • make -j4 test (UNIX) or vcbuild test nosign (Windows) passes
  • a test and/or benchmark is included
  • the commit message follows commit guidelines
Affected core subsystem(s)

child_process

Description of change

I took the tests that @ChuckLangford wrote in #4508 and implemented code such that they pass. This fixes #2681.

@Trott

Member

Trott commented Jun 25, 2016

CI is green. /cc @jasnell @bnoordhuis @cjihrig

@bnoordhuis

lib/child_process.js Outdated
var options = {};
var args = [];
var pos = 1;
if (Array.isArray(arguments[pos])) {

@bnoordhuis

bnoordhuis Jun 26, 2016

Member

Can you check that pos < arguments.length? I believe V8 still deoptimizes on out-of-bounds arguments access.

@Trott

Trott Jun 26, 2016

Member

Happy to make the change. A couple of questions, though, mostly to make sure I'm understanding things correctly:

  • The code I'm replacing accessed arguments[1] without any bounds check, so it was already not being optimized. Or was there something else going on there that made that code optimizable?
  • This isn't going to be something that's benchmark-able because each fork() call is going to spin up a completely separate Node.js instance and any performance improvement in the single call to fork() is going to be lost in the overhead of launching the separate instance. Or am I wrong and this may be reasonably benchmark-able perhaps using some trick I'm not thinking of?

@bnoordhuis

bnoordhuis Jun 27, 2016

Member

> The code I'm replacing accessed arguments[1] without any bounds check, so it was already not being optimized.

Yes, that's quite possibly the case.

> This isn't going to be something that's benchmark-able because each fork() call is going to spin up a completely separate Node.js instance

That's right but it would be good for consistency. Elsewhere in lib/child_process.js we're quite diligent about checking arguments.length. Also, it makes --trace_deopt less noisy, which is never a bad thing.

@Trott

Trott Jun 27, 2016

Member

OK, added in the checks for pos < arguments.length.
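
The bounds-checked argument handling discussed in this review thread, sketched as an added example that is not part of the pull request or Node.js core. `normalizeForkArgs` and its error messages are hypothetical names chosen for illustration.

```javascript
'use strict';

// Hypothetical helper, not Node.js core code: resolves the optional
// (args, options) parameters of a fork()-style call.
function normalizeForkArgs(modulePath /* , args, options */) {
  if (typeof modulePath !== 'string' || modulePath.length === 0) {
    throw new TypeError('modulePath must be a non-empty string');
  }

  let args = [];
  let options = {};
  let pos = 1;

  // Check the index before every read so arguments[pos] never goes
  // past the end of the arguments object.
  if (pos < arguments.length && Array.isArray(arguments[pos])) {
    args = arguments[pos++];
  }

  // null/undefined means "use defaults"; anything else must be a plain
  // options object, never a string, a number or a second array.
  if (pos < arguments.length && arguments[pos] != null) {
    const candidate = arguments[pos++];
    if (typeof candidate !== 'object' || Array.isArray(candidate)) {
      throw new TypeError('options must be an object');
    }
    // Copy so later changes by the caller cannot alter the spawn settings.
    options = Object.assign({}, candidate);
  }

  return { modulePath, args: args.slice(), options };
}

// Constructed sample calls.
console.log(normalizeForkArgs('worker.js'));
console.log(normalizeForkArgs('worker.js', ['--port', '8080'], { cwd: '/tmp' }));
```

Rejecting a malformed options value up front means a mistyped call fails loudly instead of silently spawning a child with default settings.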

@bnoordhuis

Member

bnoordhuis commented Jun 26, 2016

Mostly LGTM, I think.

@Trott Trott force-pushed the Trott:arg-val branch Jun 26, 2016

@jasnell

Member

jasnell commented Jun 27, 2016

LGTM

@Trott Trott force-pushed the Trott:arg-val branch to d07430a Jun 27, 2016

@Trott

Member

Trott commented Jun 27, 2016

Addressed optimization nits from @bnoordhuis, rebased, force pushed.

CI again: https://ci.nodejs.org/job/node-test-pull-request/3099/

And, because this is semver-major, adding the ctc-agenda label.

@Trott Trott added the ctc-agenda label Jun 27, 2016

@bnoordhuis

Member

bnoordhuis commented Jun 28, 2016

d07430a LGTM.

@Trott

Member

Trott commented Jun 28, 2016

Since it's semver-major: @nodejs/ctc (Will be on agenda for tomorrow's meeting.)

@rvagg

Member

rvagg commented Jun 30, 2016

no objections from today's CTC meeting for this

@rvagg rvagg removed the ctc-agenda label Jun 30, 2016

Trott added a commit to Trott/io.js that referenced this pull request Jun 30, 2016

child_process: add fork/execFile arg validation
Validate fork/execFile arguments.

Fixes: nodejs#2681
Refs: nodejs#4508
PR-URL: nodejs#7399
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>

Trott added a commit to Trott/io.js that referenced this pull request Jun 30, 2016

test: test execFile/fork arg validation
Fixes: nodejs#2681
Refs: nodejs#4508
PR-URL: nodejs#7399
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
@Trott

Member

Trott commented Jun 30, 2016

Landed in 0548e5d and 99cfd53. Thanks, @ChuckLangford!

@Trott Trott closed this Jun 30, 2016

@ChuckLangford

Contributor

ChuckLangford commented Jul 1, 2016

This has been a fantastic learning experience for me. Thanks @Trott

@jasnell jasnell referenced this pull request Oct 14, 2016

Closed

v7.0.0 Proposal #9099

jasnell added a commit to jasnell/node that referenced this pull request Oct 24, 2016

2016-10-25, Version 7.0.0 (Current)
Notable Changes:

* Buffer
  * Passing invalid input to Buffer.byteLength will now throw an error [nodejs#8946](nodejs#8946).
  * Calling Buffer without new is now deprecated and will emit a process warning [nodejs#8169](nodejs#8169).
  * Passing a negative number to allocUnsafe will now throw an error [nodejs#7079](nodejs#7079).
* Child Process
  * The fork and execFile methods now have stronger argument validation [nodejs#7399](nodejs#7399).
* Cluster
  * The worker.suicide method is deprecated and will emit a process warning [nodejs#3747](nodejs#3747).
* Deps
  * V8 has been updated to 5.4.500.36 [nodejs#8317](nodejs#8317), [nodejs#8852](nodejs#8852), [nodejs#9253](nodejs#9253).
  * NODE_MODULE_VERSION has been updated to 51 [nodejs#8808](nodejs#8808).
* File System
  * A process warning is emitted if a callback is not passed to async file system methods [nodejs#7897](nodejs#7897).
* Intl
  * Intl.v8BreakIterator constructor has been deprecated and will emit a process warning [nodejs#8908](nodejs#8908).
* Promises
  * Unhandled Promise rejections have been deprecated and will emit a process warning [nodejs#8217](nodejs#8217).
* Punycode
  * The `punycode` module has been deprecated [nodejs#7941](nodejs#7941).
* URL
  * An Experimental WHATWG URL Parser has been introduced [nodejs#7448](nodejs#7448).

jasnell added a commit that referenced this pull request Oct 25, 2016

2016-10-25, Version 7.0.0 (Current)
PR-URL: #9099

imyller added a commit to imyller/meta-nodejs that referenced this pull request Oct 25, 2016

2016-10-25, Version 7.0.0 (Current)
Signed-off-by: Ilkka Myller <ilkka.myller@nodefield.com>

@gibfahn gibfahn referenced this pull request Jun 15, 2017

Closed

Auditing for 6.11.1 #230

2 of 3 tasks complete