From bce5db22251e67851e6eef294acf7b6b43c5fb05 Mon Sep 17 00:00:00 2001 From: cjihrig Date: Sat, 4 Nov 2017 18:05:16 -0400 Subject: [PATCH] src: CHECK() for argument overflow in Spawn() This commit adds checks for overflow to args and env in Spawn(). It seems extremely unlikely that either of these values would overflow from a valid use case. Fixes: https://github.com/nodejs/node/issues/15622 PR-URL: https://github.com/nodejs/node/pull/16761 Reviewed-By: Gireesh Punathil --- src/process_wrap.cc | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/process_wrap.cc b/src/process_wrap.cc index c1148f9bfb26ff..a73e4d9779ed46 100644 --- a/src/process_wrap.cc +++ b/src/process_wrap.cc @@ -185,6 +185,8 @@ class ProcessWrap : public HandleWrap { if (!argv_v.IsEmpty() && argv_v->IsArray()) { Local js_argv = Local::Cast(argv_v); int argc = js_argv->Length(); + CHECK_GT(argc + 1, 0); // Check for overflow. + // Heap allocate to detect errors. +1 is for nullptr. options.args = new char*[argc + 1]; for (int i = 0; i < argc; i++) { @@ -211,6 +213,7 @@ class ProcessWrap : public HandleWrap { if (!env_v.IsEmpty() && env_v->IsArray()) { Local env_opt = Local::Cast(env_v); int envc = env_opt->Length(); + CHECK_GT(envc + 1, 0); // Check for overflow. options.env = new char*[envc + 1]; // Heap allocated to detect errors. for (int i = 0; i < envc; i++) { node::Utf8Value pair(env->isolate(),