OSSForks/node
1
0
Fork 0
mirror of https://github.com/zebrajr/node.git synced 2025-12-06 00:20:08 +01:00
Code Issues Actions 8 Packages Projects Releases Wiki Activity

src: cleanup uv_fs_req before uv_fs_stat on existSync

Browse Source 
Refs: https://hackerone.com/reports/3184178

Calling uv_fs_stat() without first calling
uv_fs_req_cleanup() overwrites the pointer to the
previously allocated buffer leading to a memory
leak on windows

PR-URL: https://github.com/nodejs/node/pull/58915
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com>
This commit is contained in:
RafaelGSS 2025-06-16 15:57:10 -03:00
parent 8db664f72c
commit aad9030f5e
No known key found for this signature in database
GPG Key ID: 8BEAB4DFCF555EF4
2 changed files with 48 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/node_file.cc
View File

@ -1034,6 +1034,7 @@ static void ExistsSync(const FunctionCallbackInfo<Value>& args) {
// will **not** return an error and is therefore not enough.
// Double check with `uv_fs_stat()`.
if (err == 0) {
uv_fs_req_cleanup(&req);
FS_SYNC_TRACE_BEGIN(stat);
err = uv_fs_stat(nullptr, &req, path.out(), nullptr);
FS_SYNC_TRACE_END(stat);

47
test/parallel/test-fs-existssync-memleak-longpath.js Normal file
View File

@ -0,0 +1,47 @@
// Flags: --expose-gc --expose-internals
'use strict';
const common = require('../common');
const { checkIfCollectableByCounting } = require('../common/gc');
const assert = require('assert');
const fs = require('node:fs');
const path = require('node:path');
const tmpdir = require('../common/tmpdir');
const { internalBinding } = require('internal/test/binding');
const { FSReqCallback } = internalBinding('fs');
// The CVE primarily affects Windows but we should test on all platforms
{
tmpdir.refresh();
}
{
const longFileNamePart = 'a'.repeat(200);
const fileName = tmpdir.resolve(`long-file-name-${longFileNamePart}-for-memory-leak-test.txt`);
fs.writeFileSync(fileName, 'test content', 'utf8');
const fullPath = path.resolve(fileName);
assert(fs.existsSync(fullPath), 'Test file should exist');
async function runTest() {
try {
await checkIfCollectableByCounting(
() => {
for (let i = 0; i < 10; i++) {
fs.existsSync(fullPath);
}
return 10;
},
FSReqCallback,
10
);
} catch (err) {
assert.ifError(err, 'Memory leak detected: FSReqCallback objects were not collected');
} finally {
tmpdir.refresh();
}
}
runTest().then(common.mustCall());
}