-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
dgram: socket.send() crash when input array is modified #6616
Comments
I tried hard to benchmark the array allocation penalty, and I failed to produce a statistical difference, at least when I did the PR. Regarding the array change you are right, we need to clone. I hope it will not cause a perfomance penalty. BTW, did this come from a user issue? Is there some urgency in fixing it? I will not have bandwidth till mid-may to work on it. |
I don't think it's critical. I was checking something in lib/dgram.js and this stood out. |
@bnoordhuis let me know if you find any other area worth improving (there is actually http://docs.libuv.org/en/v1.x/udp.html#c.uv_udp_try_send to implement) |
This doesn't look like an array modification problem because the following works:
It just looks like
|
I'm new to this codebase so let me know if I'm off base here but after looking at the
The windows version, however, passes them in directly to WSASendTo whose documentation says the buffers should not be modified for the duration of the call:
Is it an option to only wrap the |
@brown-dragon there is a slight chance for a GC run to deallocate those buffers in the meanwhile, as the buffers are not copied. A new array needs to be allocated and all values copied over. |
This commit fix a possible crash situation in dgram send(). A crash is possible if an array is passed, and then altered after the send call, as the call to libuv is wrapped in process.nextTick(). Fixes: nodejs#6616
This commit fix a possible crash situation in dgram send(). A crash is possible if an array is passed, and then altered after the send call, as the call to libuv is wrapped in process.nextTick(). It also avoid sending an empty array to libuv by allocating an empty buffer. It also does some cleanup inside send() to increase readability. It removes test flakyness by use common.mustCall and common.platformTimeout. Fixes situations were some events were not asserted to be emitted. Fixes: nodejs#6616 PR-URL: nodejs#6804 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
This commit fix a possible crash situation in dgram send(). A crash is possible if an array is passed, and then altered after the send call, as the call to libuv is wrapped in process.nextTick(). It also avoid sending an empty array to libuv by allocating an empty buffer. It also does some cleanup inside send() to increase readability. It removes test flakyness by use common.mustCall and common.platformTimeout. Fixes situations were some events were not asserted to be emitted. Fixes: #6616 PR-URL: #6804 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
#4374 introduces a bug: it makes
socket.send()
accept an array but it's not resilient against that array getting modified afterwards:A secondary issue with #4374 is that it penalizes the common case of passing in a buffer by always wrapping it in an array.
/cc @mcollina @jasnell
The text was updated successfully, but these errors were encountered: