Backport important Buffer changes to v5.x #7169
Conversation
|
The first commit here is a Can we get a semver-minor release in 5.x? That would also be good for backporting |
ChALkeR
added
the
semver-minor
|
LGTM |
|
Yea I be happy to cut another v5 with some of these changes. Anyone oppose? /cc @nodejs/release |
|
Ah, sorry. At least one commit here was actually already backported to 5.x, my local copy somewhy didn't get updated. Will rebase in a moment, it will be three commits here =). |
|
Rebased. |
|
Uhm. Actually, after a rebase there is no need to have this grouped in one PR — all three commits here are independent and could be landed in any order now. So if this gets stuck on the first change (the API backport) — we should better split this into separate PRs. |
|
Will be able to take a look today.
|
|
LGTM |
|
/cc @evanlucas |
|
Ok, not it's not clear if the next 5.x release will be a semver-minor one, so I'm splitting this in two PRs. |
This backports the new `Buffer.allocUnsafeSlow()` API for v5. This backport includes the new API, test cases, and docs additions. Already present API and testcases were not changed. PR-URL: nodejs#7169 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
Test failed or zero-sized Buffer allocations not affecting subsequent creations of typed arrays. PR-URL: nodejs#7169 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net>
|
Rebased after landing #7221. |
|
I will land this tomorrow if there are no objections. |
|
CI is mostly green, failures (alpine and smartos) look unrelated. Landing. |
Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * **buffer** * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](#7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](#7221) * **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51
This backports
threetwoBuffer-related commits to 5.xallocUnsafeSlowintroduction from buffer: replace SlowBuffer with Buffer.allocUnsafeSlow(size) #5833.Buffer.allocandBuffer.allocUnsafeare already backported to 5.x, whileBuffer.allosUnsafeSlowisn't — that could be unexpected by users. The good thing is thatallocUnsafeSlow(asSlowBuffer) is hopefully rarely used.This is a backport and was significantly changed from the original commit — it does not modify any existing code or tests, it just adds the new API method and tests for it. No deprecation is introduced in the docs.
ignore negative allocation lengthsfrom buffer: ignore negative allocation lengths #7051 — security-related.Merged in Backport «buffer: ignore negative allocation lengths» to v5.x #7221.
add buffer testcase for resetting kZeroFillfrom lib,src: reset zero fill flag on exception #7093 — testcase forsafeguard against accidental kNoZeroFill.This landed cleanly.
/cc @jasnell @trevnorris @bnoordhuis @addaleax