X Tutup
The Wayback Machine - https://web.archive.org/web/20230222012252/https://github.com/nodejs/node/commit/8951c19e72
Skip to content
Permalink
Browse files
deps: V8: cherry-pick 501482cbc704 
Original commit message:

    Fix ValueDeserializer::ReadDouble() bounds check

    If end_ is smaller than sizeof(double), the result would wrap
    around, and lead to an invalid memory access.

    Refs: #37978
    Change-Id: Ibc8ddcb0c090358789a6a02f550538f91d431c1d
    Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2801353
    Reviewed-by: Marja Hölttä <marja@chromium.org>
    Commit-Queue: Marja Hölttä <marja@chromium.org>
    Cr-Commit-Position: refs/heads/master@{#73800}

PR-URL: #38121
Fixes: #37978
Refs: v8/v8@501482cbc704
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
  • Loading branch information
@cjihrig @targos
cjihrig authored and targos committed May 1, 2021
1 parent f65eadc commit 8951c19
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 2 deletions.
2 common.gypi
View file
@@ -36,7 +36,7 @@

# Reset this number to 0 on major V8 upgrades.
# Increment by one for each non-official patch applied to deps/v8.
'v8_embedder_string': '-node.60',
'v8_embedder_string': '-node.61',

##### V8 defaults for Node.js #####

3 deps/v8/src/objects/value-serializer.cc
View file
@@ -1175,7 +1175,8 @@ Maybe<T> ValueDeserializer::ReadZigZag() {

Maybe<double> ValueDeserializer::ReadDouble() {
// Warning: this uses host endianness.
if (position_ > end_ - sizeof(double)) return Nothing<double>();
if (sizeof(double) > static_cast<unsigned>(end_ - position_))
return Nothing<double>();
double value;
memcpy(&value, position_, sizeof(double));
position_ += sizeof(double);

0 comments on commit 8951c19

Please sign in to comment.
X Tutup