diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2014-10-25 07:27:21 +0200 |
|---|---|---|
| committer | Ben Noordhuis <info@bnoordhuis.nl> | 2014-10-28 12:42:14 +0100 |
| commit | 78e38f59ad9f7fbb6a68a5f254aec7d9bae428c3 (patch) | |
| tree | 42d60b3835d723275fbc1d09ef013e4f787d9922 | |
| parent | 081e94a90d82359ababd12b4cda913467284a40d (diff) | |
| download | node-new-78e38f59ad9f7fbb6a68a5f254aec7d9bae428c3.tar.gz | |
src: fix uninitialized memory dereference
The elements of the heap-allocated TaskQueue::ring_ array in
src/node_v8_platform.cc were compared against without being
initialized first.
Fixes node-forward/node#33.
PR-URL: https://github.com/node-forward/node/pull/34
Reviewed-By: Fedor Indutny <fedor@indutny.com>
| -rw-r--r-- | src/node_v8_platform.cc | 14 | ||||
| -rw-r--r-- | src/node_v8_platform.h | 8 |
2 files changed, 9 insertions, 13 deletions
diff --git a/src/node_v8_platform.cc b/src/node_v8_platform.cc index d71fdd4cc9..aed4661597 100644 --- a/src/node_v8_platform.cc +++ b/src/node_v8_platform.cc @@ -98,12 +98,9 @@ void Platform::WorkerBody(void* arg) { TaskQueue::TaskQueue() { int err; - static_assert(kRingSize == (kRingSize & (~(kRingSize - 1))), - "kRingSize is not a power of two"); + for (size_t i = 0; i < ARRAY_SIZE(ring_); i += 1) + ring_[i] = nullptr; - size_ = kRingSize; - ring_ = new Task*[size_]; - mask_ = size_ - 1; read_off_ = 0; write_off_ = 0; @@ -120,9 +117,6 @@ TaskQueue::TaskQueue() { TaskQueue::~TaskQueue() { CHECK_EQ(read_off_, write_off_); - - delete[] ring_; - ring_ = nullptr; uv_sem_destroy(&sem_); uv_cond_destroy(&cond_); uv_mutex_destroy(&mutex_); @@ -138,7 +132,7 @@ void TaskQueue::Push(Task* task) { ring_[write_off_] = task; write_off_++; - write_off_ &= mask_; + write_off_ &= kRingMask; uv_mutex_unlock(&mutex_); uv_sem_post(&sem_); @@ -154,7 +148,7 @@ Task* TaskQueue::Shift() { uv_cond_signal(&cond_); read_off_++; - read_off_ &= mask_; + read_off_ &= kRingMask; uv_mutex_unlock(&mutex_); return task; diff --git a/src/node_v8_platform.h b/src/node_v8_platform.h index 59bcdaeb02..a51c3a10a6 100644 --- a/src/node_v8_platform.h +++ b/src/node_v8_platform.h @@ -37,15 +37,17 @@ class TaskQueue { private: static const unsigned int kRingSize = 1024; + static const unsigned int kRingMask = kRingSize - 1; + + static_assert(kRingSize == (kRingSize & ~kRingMask), + "kRingSize is not a power of two"); uv_sem_t sem_; uv_cond_t cond_; uv_mutex_t mutex_; - v8::Task** ring_; - unsigned int size_; - unsigned int mask_; unsigned int read_off_; unsigned int write_off_; + v8::Task* ring_[kRingSize]; }; class Platform : public v8::Platform { |