From 642f81317e1091e2cc13bcad8526b2bd73be5e03 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis
Date: Fri, 24 Apr 2020 21:12:32 +0200
Subject: [PATCH] src: fix invalid windowBits=8 gzip segfault
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

`{ windowBits: 8 }` is legal for deflate streams but not gzip streams. Fix a nullptr dereference when formatting the error message. Bug introduced in commit c34eae5f88 ("zlib: refactor zlib internals") from September 2018.

PR-URL: https://github.com/nodejs/node/pull/33045
Reviewed-By: Anna Henningsen
Reviewed-By: Gerhard Stöbich
Reviewed-By: David Carlier
---
 src/node_zlib.cc | 9 +++++++--
 test/parallel/test-zlib.js | 7 +++++++
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/node_zlib.cc b/src/node_zlib.cc
index 18f548cc31ad66..9ac792d90cc673 100644
--- a/src/node_zlib.cc
+++ b/src/node_zlib.cc
@@ -111,7 +111,12 @@ enum node_zlib_mode {
 
 struct CompressionError {
   CompressionError(const char* message, const char* code, int err)
-      : message(message), code(code), err(err) {}
+      : message(message),
+        code(code),
+        err(err) {
+    CHECK_NOT_NULL(message);
+  }
+
   CompressionError() = default;
 
   const char* message = nullptr;
@@ -996,7 +1001,7 @@ CompressionError ZlibContext::Init(
   if (err_ != Z_OK) {
     dictionary_.clear();
     mode_ = NONE;
-    return ErrorForMessage(nullptr);
+    return ErrorForMessage("zlib error");
   }
 
   return SetDictionary();
diff --git a/test/parallel/test-zlib.js b/test/parallel/test-zlib.js
index 509dcd2207e83e..662bf1abe0ba33 100644
--- a/test/parallel/test-zlib.js
+++ b/test/parallel/test-zlib.js
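Review bot: The new `CHECK_NOT_NULL(message)` in the CompressionError constructor guards only `message`, while `code` is a `const char*` carried alongside it; if the error-reporting path formats `code` the same way it formats `message` (not visible from this hunk), a nullptr `code` would reproduce the same crash this commit fixes. Adding `CHECK_NOT_NULL(code);` next to the existing check makes the invariant symmetric and turns any future misuse into a deliberate abort rather than a dereference. The three-argument constructor also deserves a one-line comment stating the contract, e.g. `// message must be non-null: the default constructor's nullptr presumably means "no error" — confirm against callers.` The struct definition continues past the end of the hunk.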
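Review bot: The literal `"zlib error"` returned from ZlibContext::Init when `err_ != Z_OK` has no comment explaining why it replaced `nullptr`, so a later cleanup could reintroduce the null message that this commit removes. A short comment on the line, e.g. `// zlib sets no msg for init failures such as gzip with windowBits=8; CompressionError requires a non-null message.`, would pin the reasoning (to my knowledge deflateInit2/inflateInit2 return Z_STREAM_ERROR without filling z_stream.msg, but please confirm against the bundled zlib). If ErrorForMessage already prefers zlib's own msg when one is set — its body is not visible here — the comment should say that this literal is only the fallback. Init's body starts and ends outside the hunk.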
@@ -27,6 +27,13 @@ const stream = require('stream');
 const fs = require('fs');
 const fixtures = require('../common/fixtures');
 
+// Should not segfault.
+assert.throws(() => zlib.gzipSync(Buffer.alloc(0), { windowBits: 8 }), {
+  code: 'ERR_ZLIB_INITIALIZATION_FAILED',
+  name: 'Error',
+  message: 'Initialization failed',
+});
+
 let zlibPairs = [
   [zlib.Deflate, zlib.Inflate],
   [zlib.Gzip, zlib.Gunzip],
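Review bot: The regression test exercises only the synchronous `zlib.gzipSync` entry point, while the fix lives in ZlibContext::Init, which the streaming constructors reach as well; if the handle is initialised in the constructor, as I believe it is, `zlib.createGzip({ windowBits: 8 })` hits the same path and should be asserted to throw too, e.g. `assert.throws(() => zlib.createGzip({ windowBits: 8 }), { code: 'ERR_ZLIB_INITIALIZATION_FAILED' });`. The comment `// Should not segfault.` would be more useful if it named the cause rather than the symptom, e.g. `// windowBits: 8 is valid for deflate but not gzip; init must throw, not crash (nodejs/node#33045).` Raw deflate may reject windowBits 8 for the same reason in the bundled zlib, so a `deflateRawSync` case is worth checking as well.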