Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Backport important Buffer changes to v5.x #7169

Merged
merged 2 commits into from
Jun 19, 2016
Merged

Conversation

ChALkeR
Copy link
Member

@ChALkeR ChALkeR commented Jun 5, 2016

This backports three two Buffer-related commits to 5.x

  1. allocUnsafeSlow introduction from buffer: replace SlowBuffer with Buffer.allocUnsafeSlow(size) #5833.

    Buffer.alloc and Buffer.allocUnsafe are already backported to 5.x, while Buffer.allosUnsafeSlow isn't — that could be unexpected by users. The good thing is that allocUnsafeSlow (as SlowBuffer) is hopefully rarely used.

    This is a backport and was significantly changed from the original commit — it does not modify any existing code or tests, it just adds the new API method and tests for it. No deprecation is introduced in the docs.

  2. ignore negative allocation lengths from buffer: ignore negative allocation lengths #7051 — security-related.

    Merged in Backport «buffer: ignore negative allocation lengths» to v5.x #7221.

  3. add buffer testcase for resetting kZeroFill from lib,src: reset zero fill flag on exception #7093 — testcase for safeguard against accidental kNoZeroFill.

    This landed cleanly.

/cc @jasnell @trevnorris @bnoordhuis @addaleax

@ChALkeR ChALkeR added buffer Issues and PRs related to the buffer subsystem. v5.x labels Jun 5, 2016
@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 5, 2016

The first commit here is a semver-minor.

Can we get a semver-minor release in 5.x? That would also be good for backporting worker.exitedAfterDisconnect (ref: #3747 (comment)).

@ChALkeR ChALkeR added the semver-minor PRs that contain new features and should be released in the next minor version. label Jun 5, 2016
@addaleax
Copy link
Member

addaleax commented Jun 5, 2016

LGTM

@evanlucas
Copy link
Contributor

Yea I be happy to cut another v5 with some of these changes. Anyone oppose? /cc @nodejs/release

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 5, 2016

Ah, sorry. At least one commit here was actually already backported to 5.x, my local copy somewhy didn't get updated. Will rebase in a moment, it will be three commits here =).

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 5, 2016

Rebased.

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 5, 2016

Uhm. Actually, after a rebase there is no need to have this grouped in one PR — all three commits here are independent and could be landed in any order now.

So if this gets stuck on the first change (the API backport) — we should better split this into separate PRs.

@jasnell
Copy link
Member

jasnell commented Jun 6, 2016

Will be able to take a look today.
On Jun 5, 2016 4:52 PM, "Сковорода Никита Андреевич" <
notifications@github.com> wrote:

Rebased.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#7169 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AAa2ecLHRMhCUd6GDuBRdEKHXoIXcZUEks5qI2EtgaJpZM4IueVf
.

@jasnell
Copy link
Member

jasnell commented Jun 6, 2016

LGTM

@MylesBorins
Copy link
Contributor

/cc @evanlucas

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 8, 2016

Ok, not it's not clear if the next 5.x release will be a semver-minor one, so I'm splitting this in two PRs.

This backports the new `Buffer.allocUnsafeSlow()` API for v5.

This backport includes the new API, test cases, and docs additions.
Already present API and testcases were not changed.

PR-URL: nodejs#7169
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Test failed or zero-sized Buffer allocations not affecting subsequent
creations of typed arrays.

PR-URL: nodejs#7169
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 17, 2016

Rebased after landing #7221.

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 17, 2016

I will land this tomorrow if there are no objections.
/cc @rvagg

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 19, 2016

@ChALkeR
Copy link
Member Author

ChALkeR commented Jun 19, 2016

CI is mostly green, failures (alpine and smartos) look unrelated. Landing.

@ChALkeR ChALkeR merged commit 03d36ae into nodejs:v5.x Jun 19, 2016
evanlucas added a commit that referenced this pull request Jun 23, 2016
Notable changes:

This is a security release. All Node.js users should consult the security
release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases
for details on patched vulnerabilities.

* **buffer**
  * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](#7169)
  * ignore negative allocation lengths (Anna Henningsen) [#7221](#7221)
* **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40)
  * Fixes a Buffer overflow vulnerability discovered in v8. More details
    can be found in the CVE (CVE-2016-1699).

PR-URL: https://github.com/nodejs/node-private/pull/51
@MylesBorins MylesBorins removed their assignment Dec 27, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
buffer Issues and PRs related to the buffer subsystem. semver-minor PRs that contain new features and should be released in the next minor version.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants