crypto: guard against size_t overflow on experimental 32-bit arch by panva · Pull Request #62626 · nodejs/node

panva · Apr 7, 2026

Refs: https://hackerone.com/reports/3655230

Refs: https://hackerone.com/reports/3655230 Signed-off-by: Filip Skokan <panva.ip@gmail.com>

nodejs-github-bot · Apr 7, 2026

Review requested:

@nodejs/crypto

panva · Apr 7, 2026

cc @nodejs/security

codecov · Apr 7, 2026

Codecov Report

❌ Patch coverage is 40.00000% with 3 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.77%. Comparing base (f48ac91) to head (a6bedb1).
⚠️ Report is 28 commits behind head on main.

Files with missing lines	Patch %	Lines
src/crypto/crypto_turboshake.cc	40.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #62626   +/-   ##
=======================================
  Coverage   89.77%   89.77%           
=======================================
  Files         697      697           
  Lines      215749   215754    +5     
  Branches    41304    41288   -16     
=======================================
+ Hits       193681   193698   +17     
- Misses      14161    14166    +5     
+ Partials     7907     7890   -17

Files with missing lines	Coverage Δ
src/crypto/crypto_turboshake.cc	`82.81% <40.00%> (-0.62%)`	⬇️

... and 25 files with indirect coverage changes

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

nodejs-github-bot · Apr 8, 2026

CI: https://ci.nodejs.org/job/node-test-pull-request/72549/

nodejs-github-bot · Apr 9, 2026

Landed in 41afe9b

Refs: https://hackerone.com/reports/3655230 Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: #62626 Refs: https://hackerone.com/reports/3655230 Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

Refs: https://hackerone.com/reports/3655230 Signed-off-by: Filip Skokan <panva.ip@gmail.com> PR-URL: nodejs#62626 Refs: https://hackerone.com/reports/3655230 Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

crypto: guard against size_t overflow on experimental 32-bit arch

a6bedb1

Refs: https://hackerone.com/reports/3655230 Signed-off-by: Filip Skokan <panva.ip@gmail.com>

nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. crypto Issues and PRs related to the crypto subsystem. needs-ci PRs that need a full CI run. labels Apr 7, 2026

panva requested a review from RafaelGSS April 7, 2026 16:30

juanarbol approved these changes Apr 7, 2026

View reviewed changes

panva added the request-ci Add this label to start a Jenkins CI on a PR. label Apr 7, 2026

github-actions Bot removed the request-ci Add this label to start a Jenkins CI on a PR. label Apr 7, 2026

This comment was marked as outdated.

Sign in to view

panva added the author ready PRs that have at least one approval, no pending requests for changes, and a CI started. label Apr 7, 2026

jasnell approved these changes Apr 8, 2026

View reviewed changes

anonrig approved these changes Apr 8, 2026

View reviewed changes

panva added the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 8, 2026

nodejs-github-bot removed the commit-queue Add this label to land a pull request using GitHub Actions. label Apr 9, 2026

nodejs-github-bot merged commit 41afe9b into nodejs:main Apr 9, 2026
84 checks passed

panva deleted the fail-fast-32bit-overflow branch April 9, 2026 16:48

github-actions Bot mentioned this pull request Apr 9, 2026

[Vulnerability] nodejs/node: Heap Buffer Overflow 7azimo01/vulnerability-spoiler-alert#359

Open

aduh95 mentioned this pull request May 5, 2026

2026-05-07, Version 26.1.0 #63137

Merged

panva added dont-land-on-v22.x PRs that should not land on the v22.x-staging branch and should not be released in v22.x. dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. labels May 7, 2026

panva mentioned this pull request May 25, 2026

[v24.x backport] crypto, WebCrypto, and WebIDL updates #63563

Open

panva added backport-open-v24.x Indicate that the PR has an open backport and removed dont-land-on-v24.x PRs that should not land on the v24.x-staging branch and should not be released in v24.x. labels May 25, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

crypto: guard against size_t overflow on experimental 32-bit arch#62626

crypto: guard against size_t overflow on experimental 32-bit arch#62626
nodejs-github-bot merged 1 commit into
nodejs:mainnodejs/node:mainfrom
panva:fail-fast-32bit-overflowpanva/node:fail-fast-32bit-overflowCopy head branch name to clipboard

panva commented Apr 7, 2026

Uh oh!

nodejs-github-bot commented Apr 7, 2026

Uh oh!

This comment was marked as outdated.

panva commented Apr 7, 2026

Uh oh!

codecov Bot commented Apr 7, 2026 •

edited

Loading

Uh oh!

nodejs-github-bot commented Apr 8, 2026

Uh oh!

Uh oh!

nodejs-github-bot commented Apr 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

Search code, repositories, users, issues, pull requests...

Uh oh!

Conversation

panva commented Apr 7, 2026

Uh oh!

nodejs-github-bot commented Apr 7, 2026

Uh oh!

This comment was marked as outdated.

panva commented Apr 7, 2026

Uh oh!

codecov Bot commented Apr 7, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

nodejs-github-bot commented Apr 8, 2026

Uh oh!

Uh oh!

nodejs-github-bot commented Apr 9, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

5 participants

codecov Bot commented Apr 7, 2026 •

edited

Loading