X Tutup
The Wayback Machine - https://web.archive.org/web/20210814162750/https://github.com/nodejs/node/pull/38121
Skip to content

/ node

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deps: V8: cherry-pick 501482cbc704 #38121

Merged
merged 2 commits into from Apr 9, 2021
Merged

deps: V8: cherry-pick 501482cbc704 #38121

merged 2 commits into from Apr 9, 2021

Conversation

@cjihrig
Copy link
Contributor

@cjihrig cjihrig commented Apr 7, 2021

Original commit message:

Fix ValueDeserializer::ReadDouble() bounds check

If end_ is smaller than sizeof(double), the result would wrap
around, and lead to an invalid memory access.

Refs: https://github.com/nodejs/node/issues/37978
Change-Id: Ibc8ddcb0c090358789a6a02f550538f91d431c1d
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801353
Reviewed-by: Marja Hölttä <marja@chromium.org>
Commit-Queue: Marja Hölttä <marja@chromium.org>
Cr-Commit-Position: refs/heads/master@{#73800}

Refs: v8/v8@501482c
Fixes: #37978
@gengjiawen
Copy link
Member

@gengjiawen gengjiawen commented Apr 7, 2021

common.gypi also need updated (v8_embedder_string part).
@RaisinTen
RaisinTen reviewed Apr 7, 2021
View changes
Copy link
Member

@RaisinTen RaisinTen left a comment

Should we also add a test at test/parallel/test-v8-serdes.js?
@jasnell
jasnell approved these changes Apr 7, 2021
View changes
@cjihrig cjihrig force-pushed the cjihrig:cp branch from 50a26f4 to 8ef497c Apr 8, 2021
@cjihrig
Copy link
Contributor Author

@cjihrig cjihrig commented Apr 8, 2021

common.gypi also need updated (v8_embedder_string part).

Done.

Should we also add a test at test/parallel/test-v8-serdes.js?

Done.
@nodejs-github-bot
Copy link

@nodejs-github-bot nodejs-github-bot commented Apr 8, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/37276/
@gengjiawen
gengjiawen approved these changes Apr 8, 2021
View changes
@nodejs-github-bot
Copy link

@nodejs-github-bot nodejs-github-bot commented Apr 8, 2021

CI: https://ci.nodejs.org/job/node-test-pull-request/37295/
@RaisinTen
RaisinTen approved these changes Apr 8, 2021
View changes
cjihrig added 2 commits Apr 2, 2021
@cjihrig
deps: V8: cherry-pick 501482cbc704
ca13f7a 
Original commit message:

    Fix ValueDeserializer::ReadDouble() bounds check

    If end_ is smaller than sizeof(double), the result would wrap
    around, and lead to an invalid memory access.

    Refs: #37978
    Change-Id: Ibc8ddcb0c090358789a6a02f550538f91d431c1d
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801353
    Reviewed-by: Marja Hölttä <marja@chromium.org>
    Commit-Queue: Marja Hölttä <marja@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#73800}

PR-URL: #38121
Fixes: #37978
Refs: v8/v8@501482c
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
@cjihrig
test: add regression test for serdes readDouble()
e96773b 
Refs: #37978
PR-URL: #38121
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
@cjihrig cjihrig force-pushed the cjihrig:cp branch from 8ef497c to e96773b Apr 9, 2021
@cjihrig cjihrig merged commit e96773b into nodejs:master Apr 9, 2021
28 checks passed
28 checks passed
@github-actions
Slack Notification
Details
@github-actions
build-tarball
Details
@github-actions
build-tarball
Details
@github-actions
build-windows
Details
@github-actions
build-windows
Details
@github-actions
coverage-linux
Details
@github-actions
coverage-linux
Details
@github-actions
coverage-windows
Details
@github-actions
coverage-windows
Details
@github-actions
lint-addon-docs
Details
@github-actions
lint-addon-docs
Details
@github-actions
build-docs
Details
@github-actions
build-docs
Details
@github-actions
test-asan
Details
@github-actions
test-asan
Details
@github-actions
test-linux
Details
@github-actions
test-linux
Details
@github-actions
test-macOS
Details
@github-actions
test-macOS
Details
@github-actions
lint-cpp
Details
@github-actions
lint-cpp
Details
@github-actions
lint-md
Details
@github-actions
lint-js
Details
@github-actions
lint-js
Details
@github-actions
lint-py
Details
@github-actions
lint-sh
Details
@github-actions
lint-codeowners
Details
@github-actions
lint-pr-url
Details
@cjihrig cjihrig deleted the cjihrig:cp branch Apr 9, 2021
@BethGriggs BethGriggs mentioned this pull request Apr 12, 2021
Merged
targos added a commit that referenced this pull request May 1, 2021
@cjihrig @targos
deps: V8: cherry-pick 501482cbc704
8951c19 
Original commit message:

    Fix ValueDeserializer::ReadDouble() bounds check

    If end_ is smaller than sizeof(double), the result would wrap
    around, and lead to an invalid memory access.

    Refs: #37978
    Change-Id: Ibc8ddcb0c090358789a6a02f550538f91d431c1d
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801353
    Reviewed-by: Marja Hölttä <marja@chromium.org>
    Commit-Queue: Marja Hölttä <marja@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#73800}

PR-URL: #38121
Fixes: #37978
Refs: v8/v8@501482c
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
targos added a commit that referenced this pull request May 1, 2021
@cjihrig @targos
test: add regression test for serdes readDouble()
aa0d814 
Refs: #37978
PR-URL: #38121
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
@danielleadams danielleadams mentioned this pull request May 3, 2021
Merged
danielleadams added a commit that referenced this pull request May 8, 2021
@cjihrig @danielleadams
deps: V8: cherry-pick 501482cbc704
a6dba4d 
Original commit message:

    Fix ValueDeserializer::ReadDouble() bounds check

    If end_ is smaller than sizeof(double), the result would wrap
    around, and lead to an invalid memory access.

    Refs: #37978
    Change-Id: Ibc8ddcb0c090358789a6a02f550538f91d431c1d
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801353
    Reviewed-by: Marja Hölttä <marja@chromium.org>
    Commit-Queue: Marja Hölttä <marja@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#73800}

PR-URL: #38121
Fixes: #37978
Refs: v8/v8@501482c
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
danielleadams added a commit that referenced this pull request May 8, 2021
@cjihrig @danielleadams
test: add regression test for serdes readDouble()
7162bea 
Refs: #37978
PR-URL: #38121
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jasnell jasnell

@gengjiawen gengjiawen

@RaisinTen RaisinTen

Assignees
No one assigned
Labels
author ready needs-ci v8 engine
Projects
None yet
Milestone
No milestone
Linked issues

Successfully merging this pull request may close these issues.

"deserializer.readDouble()" results in an abort
5 participants
@cjihrig @gengjiawen @nodejs-github-bot @jasnell @RaisinTen
X Tutup