diff options
| author | Ben Noordhuis <info@bnoordhuis.nl> | 2012-03-09 06:35:50 -0800 |
|---|---|---|
| committer | Ben Noordhuis <info@bnoordhuis.nl> | 2012-03-09 23:57:03 +0100 |
| commit | 8c02f9b7c844909cf5977d065b793c99eb0f9c45 (patch) | |
| tree | 502f4d08b899802c99ae30b07ffc945f7ee71b74 /src | |
| parent | 2589d5561191ac58f5c87efa796457c9936de73f (diff) | |
| download | node-new-8c02f9b7c844909cf5977d065b793c99eb0f9c45.tar.gz | |
buffer: throw from constructor if length > kMaxLength
Throw, don't abort. `new Buffer(0x3fffffff + 1)` used to bring down the process
with the following error message:
FATAL ERROR: v8::Object::SetIndexedPropertiesToExternalArrayData() length
exceeds max acceptable value
Fixes #2280.
Diffstat (limited to 'src')
| -rw-r--r-- | src/node_buffer.cc | 13 | ||||
| -rw-r--r-- | src/node_buffer.h | 3 | ||||
| -rw-r--r-- | src/v8_typed_array.cc | 8 |
3 files changed, 17 insertions, 7 deletions
diff --git a/src/node_buffer.cc b/src/node_buffer.cc index 14aa3ef612..12fe1e0962 100644 --- a/src/node_buffer.cc +++ b/src/node_buffer.cc @@ -171,13 +171,14 @@ Handle<Value> Buffer::New(const Arguments &args) { HandleScope scope; - if (args[0]->IsInt32()) { - // var buffer = new Buffer(1024); - size_t length = args[0]->Uint32Value(); - new Buffer(args.This(), length); - } else { - return ThrowException(Exception::TypeError(String::New("Bad argument"))); + if (!args[0]->IsUint32()) return ThrowTypeError("Bad argument"); + + size_t length = args[0]->Uint32Value(); + if (length > Buffer::kMaxLength) { + return ThrowRangeError("length > kMaxLength"); } + new Buffer(args.This(), length); + return args.This(); } diff --git a/src/node_buffer.h b/src/node_buffer.h index ef7cf4fd83..abfafa3264 100644 --- a/src/node_buffer.h +++ b/src/node_buffer.h @@ -65,6 +65,9 @@ namespace node { class NODE_EXTERN Buffer: public ObjectWrap { public: + // mirrors deps/v8/src/objects.h + static const int kMaxLength = 0x3fffffff; + static v8::Persistent<v8::FunctionTemplate> constructor_template; static bool HasInstance(v8::Handle<v8::Value> val); diff --git a/src/v8_typed_array.cc b/src/v8_typed_array.cc index 76a636135b..8cf16a3d73 100644 --- a/src/v8_typed_array.cc +++ b/src/v8_typed_array.cc @@ -91,6 +91,10 @@ class ArrayBuffer { } size_t num_bytes = args[0]->Uint32Value(); + if (num_bytes > node::Buffer::kMaxLength) { + return ThrowRangeError("length > kMaxLength"); + } + void* buf = calloc(num_bytes, 1); if (!buf) return ThrowError("Unable to allocate ArrayBuffer."); @@ -224,6 +228,7 @@ class TypedArray { v8::Integer::NewFromUnsigned(length * TBytes)}; buffer = ArrayBuffer::GetTemplate()-> GetFunction()->NewInstance(1, argv); + if (buffer.IsEmpty()) return v8::Undefined(); // constructor failed void* buf = buffer->GetPointerFromInternalField(0); args.This()->SetIndexedPropertiesToExternalArrayData( @@ -252,8 +257,9 @@ class TypedArray { buffer = ArrayBuffer::GetTemplate()-> GetFunction()->NewInstance(1, argv); - void* buf = buffer->GetPointerFromInternalField(0); + if (buffer.IsEmpty()) return v8::Undefined(); // constructor failed + void* buf = buffer->GetPointerFromInternalField(0); args.This()->SetIndexedPropertiesToExternalArrayData( buf, TEAType, length); // TODO(deanm): check for failure. |