Skip to content

src: fix out-of-bounds check of serialization indices #41452

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

src: fix out-of-bounds check of serialization indices #41452

wants to merge 1 commit into from

Conversation

JoostK
Copy link
Contributor

@JoostK JoostK commented Jan 9, 2022

The usage of CHECK_LE to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use CHECK_LT.

@JoostK
src: fix out-of-bounds check of serialization indices
a1c0cd1 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Jan 9, 2022
@cjihrig
Copy link
Contributor

cjihrig commented Jan 9, 2022

@JoostK did you intend to open this as a draft PR? The changes look good to me.

@JoostK JoostK marked this pull request as ready for review January 9, 2022 19:29
@JoostK
Copy link
Contributor Author

JoostK commented Jan 9, 2022

@cjihrig Nope, my typical workflow is to wait for CI to go green before requesting reviews, but I notice now that CI is not running for draft PRs.

@Mesteery Mesteery added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 9, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 9, 2022
@Trott Trott added the request-ci Add this label to start a Jenkins CI on a PR. label Jan 12, 2022
@github-actions github-actions bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Jan 12, 2022
@nodejs-github-bot

This comment has been minimized.

Sign in to view
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/41863/

@tniessen
Copy link
Member

Landed in 79e07a4, thank you for the contribution @JoostK!

@tniessen tniessen closed this Jan 14, 2022
tniessen pushed a commit that referenced this pull request Jan 14, 2022
@JoostK @tniessen
src: fix out-of-bounds check of serialization indices
79e07a4 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: #41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
targos pushed a commit that referenced this pull request Jan 14, 2022
@JoostK @targos
src: fix out-of-bounds check of serialization indices
7ac126b 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: #41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
@targos targos mentioned this pull request Jan 16, 2022
Merged
mawaregetsuka pushed a commit to mawaregetsuka/node that referenced this pull request Jan 17, 2022
@JoostK @mawaregetsuka
src: fix out-of-bounds check of serialization indices
5ea54ae 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: nodejs#41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
thedull pushed a commit to thedull/node that referenced this pull request Jan 18, 2022
@JoostK @thedull
src: fix out-of-bounds check of serialization indices
458da04 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: nodejs#41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
Linkgoron pushed a commit to Linkgoron/node that referenced this pull request Jan 31, 2022
@JoostK @Linkgoron
src: fix out-of-bounds check of serialization indices
e371cee 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: nodejs#41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
danielleadams pushed a commit that referenced this pull request Feb 1, 2022
@JoostK @danielleadams
src: fix out-of-bounds check of serialization indices
b4d2454 
The usage of `CHECK_LE` to verify that the index is within bounds
of a vector's size allows for reading one item past the vector's end,
which is in invalid memory read. This commit fixes the off-by-one error
by changing the bounds check to use `CHECK_LT`.

PR-URL: #41452
Reviewed-By: Anna Henningsen <[email protected]>
Reviewed-By: Colin Ihrig <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Rich Trott <[email protected]>
Reviewed-By: Luigi Pinca <[email protected]>
Reviewed-By: Richard Lau <[email protected]>
@danielleadams danielleadams mentioned this pull request Feb 1, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Trott Trott Trott approved these changes

@addaleax addaleax addaleax approved these changes

@lpinca lpinca lpinca approved these changes

@cjihrig cjihrig cjihrig approved these changes

@tniessen tniessen tniessen approved these changes

@richardlau richardlau richardlau approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
9 participants
@JoostK @cjihrig @nodejs-github-bot @tniessen @Trott @addaleax @lpinca @richardlau @Mesteery