Skip to content

Backport important Buffer changes to v5.x#7169

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ChALkeR merged 2 commits into from
Jun 19, 2016
Merged

Backport important Buffer changes to v5.x #7169

ChALkeR merged 2 commits into from
Jun 19, 2016

Conversation

@ChALkeR
Copy link
Member

@ChALkeRChALkeR commented Jun 5, 2016
edited
Loading

This backports three two Buffer-related commits to 5.x

  1. allocUnsafeSlow introduction from buffer: replace SlowBuffer with Buffer.allocUnsafeSlow(size) #5833.

    Buffer.alloc and Buffer.allocUnsafe are already backported to 5.x, while Buffer.allosUnsafeSlow isn't — that could be unexpected by users. The good thing is that allocUnsafeSlow (as SlowBuffer) is hopefully rarely used.

    This is a backport and was significantly changed from the original commit — it does not modify any existing code or tests, it just adds the new API method and tests for it. No deprecation is introduced in the docs.

  2. ignore negative allocation lengths from buffer: ignore negative allocation lengths #7051 — security-related.

    Merged in Backport «buffer: ignore negative allocation lengths» to v5.x #7221.

  3. add buffer testcase for resetting kZeroFill from lib,src: reset zero fill flag on exception #7093 — testcase for safeguard against accidental kNoZeroFill.

    This landed cleanly.

/cc @jasnell@trevnorris@bnoordhuis@addaleax

@ChALkeRChALkeR added buffer Issues and PRs related to the buffer subsystem. v5.x labels Jun 5, 2016
This was referenced Jun 5, 2016
Merged
Closed
@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 5, 2016

The first commit here is a semver-minor.

Can we get a semver-minor release in 5.x? That would also be good for backporting worker.exitedAfterDisconnect (ref: #3747 (comment)).

@ChALkeRChALkeR added the semver-minor PRs that contain new features and should be released in the next minor version. label Jun 5, 2016
@addaleax
Copy link
Member

addaleax commented Jun 5, 2016

LGTM

@evanlucas
Copy link
Contributor

evanlucas commented Jun 5, 2016

Yea I be happy to cut another v5 with some of these changes. Anyone oppose? /cc @nodejs/release

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 5, 2016
edited
Loading

Ah, sorry. At least one commit here was actually already backported to 5.x, my local copy somewhy didn't get updated. Will rebase in a moment, it will be three commits here =).

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 5, 2016

Rebased.

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 5, 2016
edited
Loading

Uhm. Actually, after a rebase there is no need to have this grouped in one PR — all three commits here are independent and could be landed in any order now.

So if this gets stuck on the first change (the API backport) — we should better split this into separate PRs.

@jasnell
Copy link
Member

jasnell commented Jun 6, 2016

Will be able to take a look today.
On Jun 5, 2016 4:52 PM, "Сковорода Никита Андреевич" <
[email protected]> wrote:

Rebased.


You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
#7169 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/AAa2ecLHRMhCUd6GDuBRdEKHXoIXcZUEks5qI2EtgaJpZM4IueVf
.

@jasnell
Copy link
Member

jasnell commented Jun 6, 2016

LGTM

@MylesBorins
Copy link
Contributor

MylesBorins commented Jun 6, 2016

/cc @evanlucas

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 8, 2016

Ok, not it's not clear if the next 5.x release will be a semver-minor one, so I'm splitting this in two PRs.

@ChALkeRChALkeR mentioned this pull request Jun 8, 2016
Merged
@ChALkeR
buffer: backport allocUnsafeSlow
0ca0827
This backports the new `Buffer.allocUnsafeSlow()` API for v5. This backport includes the new API, test cases, and docs additions. Already present API and testcases were not changed. PR-URL: nodejs#7169 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
@ChALkeR
test: add buffer testcase for resetting kZeroFill
03d36ae
Test failed or zero-sized Buffer allocations not affecting subsequent creations of typed arrays. PR-URL: nodejs#7169 Reviewed-By: James M Snell <[email protected]> Reviewed-By: Anna Henningsen <[email protected]>
@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 17, 2016

Rebased after landing #7221.

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 17, 2016

I will land this tomorrow if there are no objections.
/cc @rvagg

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 19, 2016

CI: https://ci.nodejs.org/job/node-test-pull-request/3031/

@ChALkeR
Copy link
MemberAuthor

ChALkeR commented Jun 19, 2016

CI is mostly green, failures (alpine and smartos) look unrelated. Landing.

@ChALkeRChALkeR merged commit 03d36ae into nodejs:v5.xJun 19, 2016
@ChALkeRChALkeR mentioned this pull request Jun 19, 2016
Closed
2 tasks
evanlucas added a commit that referenced this pull request Jun 23, 2016
@evanlucas
2016-06-23, Version 5.12.0 (Stable)
6a94383
Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * **buffer** * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](#7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](#7221) * **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51
@MylesBorinsMylesBorins removed their assignment Dec 27, 2016
Pranay180420 pushed a commit to Pranay180420/Node.jsforme that referenced this pull request Feb 17, 2025
@evanlucas
2016-06-23, Version 5.12.0 (Stable)
325e119
Notable changes: This is a security release. All Node.js users should consult the security release summary at https://nodejs.org/en/blog/vulnerability/june-2016-security-releases for details on patched vulnerabilities. * **buffer** * backport allocUnsafeSlow (Сковорода Никита Андреевич) [#7169](nodejs/node#7169) * ignore negative allocation lengths (Anna Henningsen) [#7221](nodejs/node#7221) * **deps**: backport 3a9bfec from v8 upstream (Ben Noordhuis) [nodejs/node-private#40](https://github.com/nodejs/node-private/pull/40) * Fixes a Buffer overflow vulnerability discovered in v8. More details can be found in the CVE (CVE-2016-1699). PR-URL: https://github.com/nodejs/node-private/pull/51
Sign up for freeto join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jasnelljasnell

Labels

bufferIssues and PRs related to the buffer subsystem.semver-minorPRs that contain new features and should be released in the next minor version.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@ChALkeR@addaleax@evanlucas@jasnell@MylesBorins