Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 7ac126b

Browse filesBrowse files
JoostKtargos
JoostK
authored and
targos
committed
src: fix out-of-bounds check of serialization indices
The usage of `CHECK_LE` to verify that the index is within bounds of a vector's size allows for reading one item past the vector's end, which is in invalid memory read. This commit fixes the off-by-one error by changing the bounds check to use `CHECK_LT`. PR-URL: #41452 Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Colin Ihrig <cjihrig@gmail.com> Reviewed-By: Tobias Nießen <tniessen@tnie.de> Reviewed-By: Rich Trott <rtrott@gmail.com> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Richard Lau <rlau@redhat.com>
1 parent 5c0c459 commit 7ac126b
Copy full SHA for 7ac126b

File tree

Expand file treeCollapse file tree

1 file changed

+3
-3
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

1 file changed

+3
-3
lines changed
Open diff view settings
Collapse file

‎src/node_messaging.cc‎

Copy file name to clipboardExpand all lines: src/node_messaging.cc
+3-3Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -98,19 +98,19 @@ class DeserializerDelegate : public ValueDeserializer::Delegate {
9898
uint32_t id;
9999
if (!deserializer->ReadUint32(&id))
100100
return MaybeLocal<Object>();
101-
CHECK_LE(id, host_objects_.size());
101+
CHECK_LT(id, host_objects_.size());
102102
return host_objects_[id]->object(isolate);
103103
}
104104

105105
MaybeLocal<SharedArrayBuffer> GetSharedArrayBufferFromId(
106106
Isolate* isolate, uint32_t clone_id) override {
107-
CHECK_LE(clone_id, shared_array_buffers_.size());
107+
CHECK_LT(clone_id, shared_array_buffers_.size());
108108
return shared_array_buffers_[clone_id];
109109
}
110110

111111
MaybeLocal<WasmModuleObject> GetWasmModuleFromId(
112112
Isolate* isolate, uint32_t transfer_id) override {
113-
CHECK_LE(transfer_id, wasm_modules_.size());
113+
CHECK_LT(transfer_id, wasm_modules_.size());
114114
return WasmModuleObject::FromCompiledModule(
115115
isolate, wasm_modules_[transfer_id]);
116116
}

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.