From e6a27a70d821371aae10e8116f0666855cd5b4cc Mon Sep 17 00:00:00 2001 From: Ben Noordhuis Date: Wed, 22 Jun 2016 14:32:56 +0200 Subject: [PATCH] src: fix use-after-return in zlib bindings Pointed out by Coverity. Introduced in commit 5b8e1dab from September 2011 ("Initial pass at zlib bindings".) The asynchronous version of Write() used a pointer to a stack-allocated buffer on flush. A mitigating factor is that zlib does not dereference the pointer for zero-sized writes but it's still technically UB. PR-URL: https://github.com/nodejs/node/pull/7374 Reviewed-By: Anna Henningsen Reviewed-By: Colin Ihrig Reviewed-By: James M Snell Reviewed-By: Michael Dawson --- src/node_zlib.cc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/node_zlib.cc b/src/node_zlib.cc index 29649e32c7dbbc..15f58843983c8f 100644 --- a/src/node_zlib.cc +++ b/src/node_zlib.cc @@ -145,8 +145,7 @@ class ZCtx : public AsyncWrap { if (args[1]->IsNull()) { // just a flush - Bytef nada[1] = { 0 }; - in = nada; + in = nullptr; in_len = 0; in_off = 0; } else {