Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

src,lib: handle invalid stdio configuration gracefully #55942

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

src,lib: handle invalid stdio configuration gracefully #55942

wants to merge 1 commit into from

Conversation

juanarbol
Copy link
Member

Fixes an issue where malformed or unexpected stdio configurations could cause crashes or undefined behavior during child process spawning. This patch ensures robust validation of stdio entries:

Fixes: #55932

I don't think we should patch user-space misconfiguration. This is a rare case and, could be extrapolated to different issues. I never faced an issue due to proto mutation. But I personally don't think we should patch that (except for the native layer.)

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run. labels Nov 21, 2024
@codecov Codecov
Copy link

codecov bot commented Nov 21, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 40.00000% with 9 lines in your changes missing coverage. Please review.

Project coverage is 88.00%. Comparing base (ac7fea6) to head (67467c6).
Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/process_wrap.cc 0.00% 4 Missing and 1 partial ⚠️
lib/internal/child_process.js 60.00% 4 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #55942      +/-   ##
==========================================
- Coverage   88.01%   88.00%   -0.01%     
==========================================
  Files         656      656              
  Lines      189136   189151      +15     
  Branches    36004    36012       +8     
==========================================
+ Hits       166461   166470       +9     
- Misses      15842    15853      +11     
+ Partials     6833     6828       -5
Files with missing lines Coverage Δ
lib/internal/child_process.js 93.88% <60.00%> (-0.30%) ⬇️
src/process_wrap.cc 82.10% <0.00%> (-2.22%) ⬇️

... and 27 files with indirect coverage changes

jasnell
jasnell reviewed Nov 23, 2024
View reviewed changes
test/parallel/test-child-process-muted-array-proto.js Outdated
return;
}

// Refs: https://github.com/nodejs/node/issues/55932
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In addition to the link, a short description of the issue being tested would be helpful so folks don't have to actually follow the link to see what this is about.

@targos
Copy link
Member

targos commented Nov 24, 2024

I'm fine with improving robustness wrt userland prototype changes, but I don't think we should add tests for that.

@juanarbol
Copy link
Member Author

but I don't think we should add tests for that.

Agree

In addition to the link, a short description of the issue being tested would be helpful so folks don't have to actually follow the link to see what this is about.

Roger that

I addressed both of your comments, PTAL @jasnell @targos

@juanarbol
src,lib: handle invalid stdio configuration gracefully
67467c6 
Fixes an issue where malformed or unexpected stdio configurations
could cause crashes or undefined behavior during child process
spawning. This patch ensures robust validation of stdio entries:

Fixes: nodejs#55932
Signed-off-by: Juan José Arboleda <[email protected]>
@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/63932/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/63934/

@nodejs-github-bot
Copy link
Collaborator

CI: https://ci.nodejs.org/job/node-test-pull-request/63936/

targos
targos reviewed Dec 8, 2024
View reviewed changes
src/process_wrap.cc
Comment on lines +132 to +133
stdio->Set(context, env->type_string(), env->ignore_string())
.FromJust();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This opens the door for another crash if the prototype has a throwing setter for the type property.
If you keep this approach, you should at least handle the error instead of calling FromJust.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@targos targos targos left review comments

@jasnell jasnell jasnell approved these changes

Assignees
No one assigned
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. child_process Issues and PRs related to the child_process subsystem. needs-ci PRs that need a full CI run.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

FATAL ERROR: v8::ToLocalChecked Empty MaybeLocal
4 participants
@juanarbol @targos @nodejs-github-bot @jasnell