Skip to content

fix(ext/node): avoid panic when crypto.randomInt has no arguments #30314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Aug 5, 2025
Merged

fix(ext/node): avoid panic when crypto.randomInt has no arguments #30314

merged 3 commits into from
Aug 5, 2025

Conversation

garretcarrot
Copy link
Contributor

@garretcarrot garretcarrot commented Aug 4, 2025
edited by bartlomieju
Loading

Closes #30313

Changed:

  • Check that both min and max are safe integers before proceeding with the random integer calculation, to guard against a lack of arguments or an undefined first argument to the randomInt call.

I'm not sure why non-number values were prevented from being checked with NumberIsSafeInteger or why a generic Error was used instead of a TypeError — I assume there may have been reasons and so may have missed something here. But it did seem the simplest way to avoid the panic.

@CLAassistant
Copy link

CLAassistant commented Aug 4, 2025
edited
Loading

CLA assistant check
All committers have signed the CLA.

Tango992
Tango992 reviewed Aug 5, 2025
View reviewed changes
ext/node/polyfills/internal/crypto/_randomInt.ts Outdated
Comment on lines 43 to 44
if (!NumberIsSafeInteger(min) || !NumberIsSafeInteger(max)) {
throw new TypeError("max or min is not a Safe Number");
Copy link
Contributor

@Tango992 Tango992 Aug 5, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How about we follow Node.js's implementation, so that we can have the same error message:
https://github.com/nodejs/node/blob/9d2368f64329bf194c4e82b349e76fdad879d32a/lib/internal/crypto/random.js#L225-L230

You can import the error from here:

import { ERR_INVALID_ARG_TYPE } from "ext:deno_node/internal/errors.ts";

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, of course — thanks for the suggestion

@bartlomieju
Copy link
Member

Thanks @garretcarrot, this looks good. Can you please run tools/format.js and push again?

@garretcarrot
Copy link
Contributor Author

Oops, I did for the first commit and not the last one. Would it be OK to change the other Error exceptions to use ERR_ types here, or is that more appropriate in a separate PR?

bartlomieju
bartlomieju approved these changes Aug 5, 2025
View reviewed changes
Copy link
Member

@bartlomieju bartlomieju left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@bartlomieju bartlomieju merged commit 038d5a5 into denoland:main Aug 5, 2025
30 of 35 checks passed
@garretcarrot garretcarrot deleted the fix_crypto_randomint_with_no_args branch August 5, 2025 16:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bartlomieju bartlomieju bartlomieju approved these changes

+1 more reviewer

@Tango992 Tango992 Tango992 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

crypto.randomInt panics when called with no arguments

4 participants

@garretcarrot @CLAassistant @bartlomieju @Tango992