From b282640c5353f37b706d3395718e80db244644b2 Mon Sep 17 00:00:00 2001 From: "A. Wilcox" Date: Sat, 17 Dec 2022 21:01:15 -0600 Subject: user/node: Update to 16.19.0; fix test, NULL deref * The worker-stdio test no longer raises RangeError on 32-bit Intel. * The sigint test is no longer flaky (backported from 18 branch). * The C++ Environment handler no longer segfaults when /proc is unmounted. (Submitted upstream.) Fixes: #795 --- user/node/env-nullptr-backport.patch | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 user/node/env-nullptr-backport.patch (limited to 'user/node/env-nullptr-backport.patch') diff --git a/user/node/env-nullptr-backport.patch b/user/node/env-nullptr-backport.patch new file mode 100644 index 000000000..02878dc25 --- /dev/null +++ b/user/node/env-nullptr-backport.patch @@ -0,0 +1,28 @@ +From 8214cc175f0c4e600a3af5cedd94e4fd4d8d839e Mon Sep 17 00:00:00 2001 +From: "A. Wilcox" +Date: Sat, 17 Dec 2022 19:39:01 -0600 +Subject: [PATCH] env: check size of args before using for exec_path + +If we are in an artifically created Environment that has no args set, +and uv_exepath returns an error (for instance, if /proc is not mounted +on a Linux system), then we crash with a nullptr deref attempting to +use argv[0]. + +Fixes: https://github.com/nodejs/node/issues/45901 +--- + src/env.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/env.cc b/src/env.cc +index 5172d71ad6a6..97e0ac581113 100644 +--- node-v16.15.0/src/env.cc.old 2022-04-26 22:03:30.000000000 +0000 ++++ node-v16.15.0/src/env.cc 2022-12-18 01:19:23.417720353 +0000 +@@ -309,7 +309,7 @@ + std::string exec_path; + if (uv_exepath(exec_path_buf, &exec_path_len) == 0) { + exec_path = std::string(exec_path_buf, exec_path_len); +- } else { ++ } else if (argv.size() > 0) { + exec_path = argv[0]; + } + -- cgit v1.2.3-70-g09d2