buffer: use stricter range checks by BridgeAR · Pull Request #27045 · nodejs/node (original) (raw)

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Conversation14 Commits2 Checks0 Files changed

Conversation

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})

This adds support to use offset and length arguments above uint32 and it validates the input to make sure the arguments do not overflow.
Before, if the input would overflow, it would cause the write to be
performt in the wrong spot / result in unexpected behavior.
Instead, just use a strict number validation.

Fixes: #27043

CITGM https://ci.nodejs.org/view/Node.js-citgm/job/citgm-smoker/1790/

Checklist

• make -j4 test (UNIX), or vcbuild test (Windows) passes
• tests and/or benchmarks are included
• documentation is changed or added
• commit message follows commit guidelines

BridgeAR added the semver-major

PRs that contain breaking changes and should be released in the next major version.

label

Apr 1, 2019

nodejs-github-bot added buffer

Issues and PRs related to the buffer subsystem.

errors

Issues and PRs related to JavaScript errors originated in Node.js core.

labels

Apr 1, 2019

This adds support to use offset and length arguments above uint32 and it validates the input to make sure the arguments do not overflow. Before, if the input would overflow, it would cause the write to be performt in the wrong spot / result in unexpected behavior. Instead, just use a strict number validation.

Fixes: nodejs#27043

@nodejs/buffer @nodejs/tsc PTAL

This could use some reviews.

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM with a clean CITGM

BridgeAR added the author ready

PRs that have at least one approval, no pending requests for changes, and a CI started.

label

Apr 5, 2019

Does it make sense to benchmark this change?

@Trott performance wise this shouldn't make a big difference and validation is IMO more important than squeezing out a few percent more.

@nodejs/buffer @nodejs/tsc PTAL. This requires one more LG from the TSC.

BridgeAR added a commit to BridgeAR/node that referenced this pull request

Apr 15, 2019

This validates the input to make sure the arguments do not overflow. Before, if the input would overflow, it would cause the write to be performt in the wrong spot / result in unexpected behavior. Instead, just use a strict number validation.

PR-URL: nodejs#27045 Fixes: nodejs#27043 Reviewed-By: Matteo Collina matteo.collina@gmail.com Reviewed-By: Rich Trott rtrott@gmail.com

BethGriggs added a commit that referenced this pull request

Apr 22, 2019

Notable changes:

• assert:
  • improve performance to instantiate errors (Ruben Bridgewater) #26738
  • validate required arguments (Ruben Bridgewater) #26641
  • adjust loose assertions (Ruben Bridgewater) #25008
• async_hooks:
  • remove deprecated emitBefore and emitAfter (Matteo Collina) #26530
  • remove promise object from resource (Andreas Madsen) #23443
• bootstrap
  • make Buffer and process non-enumerable (Ruben Bridgewater) #24874
• buffer:
  • use stricter range checks (Ruben Bridgewater) #27045
  • harden SlowBuffer creation (ZYSzys) #26272
  • harden validation of buffer allocation size (ZYSzys) #26162
  • do proper error propagation in addon methods (Anna Henningsen) #23939
• child_process:
  • change the defaults maxBuffer size (kohta ito) #27179
  • harden fork arguments validation (ZYSzys) #27039
  • use non-infinite maxBuffer defaults (kohta ito) #23027
• console:
  • don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky) #26261
• crypto:
  • remove legacy native handles (Tobias Nießen) #27011
  • decode missing passphrase errors (Tobias Nießen) #25208
  • move DEP0113 to End-of-Life (Tobias Nießen) #26249
  • remove deprecated crypto._toBuf (Tobias Nießen) #25338
  • set DEFAULT\_ENCODING property to non-enumerable (Antoine du Hamel) #23222
• deps:
  • silence irrelevant V8 warning (Michaël Zasso) #26685
  • update postmortem metadata generation script (cjihrig) #26685
  • V8: un-cherry-pick bd019bd (Refael Ackermann) #26685
  • V8: cherry-pick 6 commits (Michaël Zasso) #26685
  • V8: cherry-pick d82c9af (Anna Henningsen) #26685
  • V8: cherry-pick e5f01ba (Anna Henningsen) #26685
  • V8: cherry-pick d5f08e4 (Anna Henningsen) #26685
  • V8: cherry-pick 6b09d21 (Anna Henningsen) #26685
  • V8: cherry-pick f0bb5d2 (Anna Henningsen) #26685
  • V8: cherry-pick 5b0510d (Anna Henningsen) #26685
  • V8: cherry-pick 91f0cd0 (Anna Henningsen) #26685
  • V8: cherry-pick 392316d (Anna Henningsen) #26685
  • V8: cherry-pick 2f79d68 (Anna Henningsen) #26685
  • sync V8 gypfiles with 7.4 (Ujjwal Sharma) #26685
  • update V8 to 7.4.288.13 (Ujjwal Sharma) #26685
  • bump minimum icu version to 63 (Ujjwal Sharma) #25852
  • silence irrelevant V8 warnings (Michaël Zasso) #25852
  • V8: cherry-pick 7803fa6 (Jon Kunkee) #25852
  • V8: cherry-pick 58cefed (Jon Kunkee) #25852
  • V8: cherry-pick d3308d0 (Michaël Zasso) #25852
  • V8: cherry-pick 74571c8 (Michaël Zasso) #25852
  • cherry-pick fc0ddf5 from upstream V8 (Anna Henningsen) #25852
  • sync V8 gypfiles with 7.3 (Ujjwal Sharma) #25852
  • sync V8 gypfiles with 7.2 (Michaël Zasso) #25852
  • update V8 to 7.3.492.25 (Michaël Zasso) #25852
  • add s390 asm rules for OpenSSL-1.1.1 (Shigeki Ohtsu) #19794
  • sync V8 gypfiles with 7.1 (Refael Ackermann) #23423
  • update V8 to 7.1.302.28 (Michaël Zasso) #23423
• doc:
  • update behaviour of fs.writeFile (Sakthipriyan Vairamani (thefourtheye)) #25080
  • add internal functionality details of util.inherits (Ruben Bridgewater) #24755
• errors:
  • update error name (Ruben Bridgewater) #26738
• fs:
  • use proper .destroy() implementation for SyncWriteStream (Matteo Collina) #26690
  • improve mode validation (Ruben Bridgewater) #26575
  • harden validation of start option in createWriteStream (ZYSzys) #25579
  • make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) #23709
• http:
  • validate timeout in ClientRequest() (cjihrig) #26214
  • return HTTP 431 on HPE_HEADER_OVERFLOW error (Albert Still) #25605
  • switch default parser to llhttp (Anna Henningsen) #24870
  • change DEP0066 to a runtime deprecation (Morgan Roderick) #24167
  • else case is not reachable (szabolcsit) #24176
• lib:
  • move DEP0021 to end of life (cjihrig) #27127
  • remove Atomics.wake (Gus Caplan) #27033
  • validate Error.captureStackTrace() calls (Ruben Bridgewater) #26738
  • refactor Error.captureStackTrace() usage (Ruben Bridgewater) #26738
  • move DTRACE_* probes out of global scope (James M Snell) #26541
  • deprecate _stream_wrap (Sam Roberts) [#26245] (#26245)
  • don't use util.inspect() internals (Ruben Bridgewater) #24971
  • improve error message for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • requireStack property for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • move DEP0029 to end of life (cjihrig) #25377
  • move DEP0028 to end of life (cjihrig) #25377
  • move DEP0027 to end of life (cjihrig) #25377
  • move DEP0026 to end of life (cjihrig) #25377
  • move DEP0023 to end of life (cjihrig) #25280
  • move DEP0006 to end of life (cjihrig) #25279
  • remove unintended access to deps/ (Anna Henningsen) #25138
  • move DEP0120 to end of life (cjihrig) #24862
  • use ES6 class inheritance style (Ruben Bridgewater) #24755
  • remove inherits() usage (Ruben Bridgewater) #24755
• module:
  • remove dead code (Ruben Bridgewater) #26983
  • mark DEP0019 as End-of-Life (Ruben Bridgewater) #26973
  • throw an error for invalid package.json main entries (Ruben Bridgewater) #26823
  • don't search in require.resolve.paths (cjihrig) #23683
• n-api:
  • remove code from error name (Ruben Bridgewater) #26738
• net:
  • do not manipulate potential user code (Ruben Bridgewater) #26751
  • emit "write after end" errors in the next tick (Ouyang Yadong) #24457
  • deprecate _setSimultaneousAccepts() undocumented function (James M Snell) #23760
• net,http2:
  • merge setTimeout code (ZYSzys) #25084
• os:
  • implement os.type() using uv_os_uname() (cjihrig) #25659
• process:
  • global.process, global.Buffer getters (Guy Bedford) #26882
  • move DEP0062 (node --debug) to end-of-life (Joyee Cheung) #25828
  • exit on --debug and --debug-brk after option parsing (Joyee Cheung) #25828
  • improve --redirect-warnings handling (Ruben Bridgewater) #24965
• readline:
  • support TERM=dumb (Vladislav Kaminsky) #26261
• repl:
  • add welcome message (gengjiawen) #25947
  • fix terminal default setting (Ruben Bridgewater) #26518
  • check colors with .getColorDepth() (Vladislav Kaminsky) #26261
  • deprecate REPLServer.rli (Ruben Bridgewater) #26260
• src:
  • remove unused INT_MAX constant (Sam Roberts) #27078
  • update NODE_MODULE_VERSION to 72 (Ujjwal Sharma) #26685
  • remove AddPromiseHook() (Anna Henningsen) #26574
  • update NODE_MODULE_VERSION to 71 (Michaël Zasso) #25852
  • clean up MultiIsolatePlatform interface (Anna Henningsen) #26384
  • properly configure default heap limits (Ali Ijaz Sheikh) #25576
  • remove icuDataDir from node config (GauthamBanasandra) #24780
  • explicitly allow JS in ReadHostObject (Yang Guo) #23423
  • update postmortem constant (cjihrig) #23423
  • update NODE_MODULE_VERSION to 68 (Michaël Zasso) #23423
• tls:
  • support TLSv1.3 (Sam Roberts) #26209
  • return correct version from getCipher() (Sam Roberts) #26625
  • check arg types of renegotiate() (Sam Roberts) #25876
  • add code for ERR_TLS_INVALID_PROTOCOL_METHOD (Sam Roberts) #24729
  • emit a warning when servername is an IP address (Rodger Combs) #23329
  • disable TLS v1.0 and v1.1 by default (Ben Noordhuis) #23814
  • remove unused arg to createSecureContext() (Sam Roberts) #24241
  • deprecate Server.prototype.setOptions() (cjihrig) #23820
  • load NODE_EXTRA_CA_CERTS at startup (Ouyang Yadong) #23354
• util:
  • change inspect compact and breakLength default (Ruben Bridgewater) #27109
  • improve inspect edge cases (Ruben Bridgewater) #27109
  • only the first line of the error message (Simon Zünd) #26685
  • don't set the prototype of callbackified functions (Ruben Bridgewater) #26893
  • rename callbackified function (Ruben Bridgewater) #26893
  • increase function length when using callbackify() (Ruben Bridgewater) #26893
  • prevent tampering with internals in inspect() (Ruben Bridgewater) #26577
  • fix proxy inspection (Ruben Bridgewater) #26241
  • prevent leaking internal properties (Ruben Bridgewater) #24971
  • protect against monkeypatched Object prototype for inspect() (Rich Trott) #25953
  • treat format arguments equally (Roman Reiss) #23162
• win, fs:
  • detect if symlink target is a directory (Bartosz Sosnowski) #23724
• zlib:
  • throw TypeError if callback is missing (Anna Henningsen) #24929
  • make “bare” constants un-enumerable (Anna Henningsen) #24824

PR-URL: #26930

BethGriggs added a commit that referenced this pull request

Apr 23, 2019

Notable changes:

• assert:
  • validate required arguments (Ruben Bridgewater) #26641
  • adjust loose assertions (Ruben Bridgewater) #25008
• async_hooks:
  • remove deprecated emitBefore and emitAfter (Matteo Collina) #26530
  • remove promise object from resource (Andreas Madsen) #23443
• bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater) #24874
• buffer:
  • use stricter range checks (Ruben Bridgewater) #27045
  • harden SlowBuffer creation (ZYSzys) #26272
  • harden validation of buffer allocation size (ZYSzys) #26162
  • do proper error propagation in addon methods (Anna Henningsen) #23939
• child_process:
  • remove options.customFds (cjihrig) #25279
  • harden fork arguments validation (ZYSzys) #27039
  • use non-infinite maxBuffer defaults (kohta ito) #23027
• console:
  • don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky) #26261
• crypto:
  • remove legacy native handles (Tobias Nießen) #27011
  • decode missing passphrase errors (Tobias Nießen) #25208
  • remove Cipher.setAuthTag() and Decipher.getAuthTag() (Tobias Nießen) #26249
  • remove deprecated crypto._toBuf() (Tobias Nießen) #25338
  • set DEFAULT\_ENCODING property to non-enumerable (Antoine du Hamel) #23222
• deps:
  • update V8 to 7.4.288.13 (Michaël Zasso, cjihrig, Refael Ackermann) (Anna Henningsen, Ujjwal Sharma) #26685
  • bump minimum icu version to 63 (Ujjwal Sharma) #25852
  • update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu) #26327
• errors:
  • update error name (Ruben Bridgewater) #26738
• fs:
  • use proper .destroy() implementation for SyncWriteStream (Matteo Collina) #26690
  • improve mode validation (Ruben Bridgewater) #26575
  • harden validation of start option in createWriteStream() (ZYSzys) #25579
  • make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) #23709
• http:
  • validate timeout in ClientRequest() (cjihrig) #26214
  • return HTTP 431 on HPE_HEADER_OVERFLOW error (Albert Still) #25605
  • switch default parser to llhttp (Anna Henningsen) #24870
  • Runtime-deprecate outgoingMessage._headers and outgoingMessage._headerNames (Morgan Roderick) #24167
• lib:
  • remove Atomics.wake() (Gus Caplan) #27033
  • move DTRACE_* probes out of global scope (James M Snell) #26541
  • deprecate _stream_wrap (Sam Roberts) #26245
  • use ES6 class inheritance style (Ruben Bridgewater) #24755
• module:
  • remove unintended access to deps/ (Anna Henningsen) #25138
  • improve error message for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • requireStack property for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • remove dead code (Ruben Bridgewater) #26983
  • make require('.') never resolve outside the current directory (Ruben Bridgewater) #26973
  • throw an error for invalid package.json main entries (Ruben Bridgewater) #26823
  • don't search in require.resolve.paths (cjihrig) #23683
• net:
  • remove Server.listenFD() (cjihrig) #27127
  • do not add .host and .port properties to DNS error (Ruben Bridgewater) #26751
  • emit "write after end" errors in the next tick (Ouyang Yadong) #24457
  • deprecate _setSimultaneousAccepts() undocumented function (James M Snell) #23760
• os:
  • implement os.type() using uv_os_uname() (cjihrig) #25659
  • remove os.getNetworkInterfaces() (cjihrig) #25280
• process:
  • make global.process, global.Buffer getters (Guy Bedford) #26882
  • move DEP0062 (node --debug) to end-of-life (Joyee Cheung) #25828
  • exit on --debug and --debug-brk after option parsing (Joyee Cheung) #25828
  • improve --redirect-warnings handling (Ruben Bridgewater) #24965
• readline:
  • support TERM=dumb (Vladislav Kaminsky) #26261
• repl:
  • add welcome message (gengjiawen) #25947
  • fix terminal default setting (Ruben Bridgewater) #26518
  • check colors with .getColorDepth() (Vladislav Kaminsky) #26261
  • deprecate REPLServer.rli (Ruben Bridgewater) #26260
• src:
  • remove unused INT_MAX constant (Sam Roberts) #27078
  • update NODE_MODULE_VERSION to 72 (Ujjwal Sharma) #26685
  • remove AddPromiseHook() (Anna Henningsen) #26574
  • clean up MultiIsolatePlatform interface (Anna Henningsen) #26384
  • properly configure default heap limits (Ali Ijaz Sheikh) #25576
  • remove icuDataDir from node config (GauthamBanasandra) #24780
• tls:
  • support TLSv1.3 (Sam Roberts) #26209
  • return correct version from getCipher() (Sam Roberts) #26625
  • check arg types of renegotiate() (Sam Roberts) #25876
  • add code for ERR_TLS_INVALID_PROTOCOL_METHOD (Sam Roberts) #24729
  • emit a warning when servername is an IP address (Rodger Combs) #23329
  • disable TLS v1.0 and v1.1 by default (Ben Noordhuis) #23814
  • remove unused arg to createSecureContext() (Sam Roberts) #24241
  • deprecate Server.prototype.setOptions() (cjihrig) #23820
  • load NODE_EXTRA_CA_CERTS at startup (Ouyang Yadong) #23354
• util:
  • remove util.print(), util.puts(), util.debug() and util.error() (cjihrig) #25377
  • change inspect compact and breakLength default (Ruben Bridgewater) #27109
  • improve inspect edge cases (Ruben Bridgewater) #27109
  • only the first line of the error message (Simon Zünd) #26685
  • don't set the prototype of callbackified functions (Ruben Bridgewater) #26893
  • rename callbackified function (Ruben Bridgewater) #26893
  • increase function length when using callbackify() (Ruben Bridgewater) #26893
  • prevent tampering with internals in inspect() (Ruben Bridgewater) #26577
  • prevent Proxy traps being triggered by .inspect() (Ruben Bridgewater) #26241
  • prevent leaking internal properties (Ruben Bridgewater) #24971
  • protect against monkeypatched Object prototype for inspect() (Rich Trott) #25953
  • treat format arguments equally (Roman Reiss) #23162
• win, fs:
  • detect if symlink target is a directory (Bartosz Sosnowski) #23724
• zlib:
  • throw TypeError if callback is missing (Anna Henningsen) #24929
  • make “bare” constants un-enumerable (Anna Henningsen) #24824

PR-URL: #26930

BethGriggs added a commit that referenced this pull request

Apr 23, 2019

Notable changes:

• assert:
  • validate required arguments (Ruben Bridgewater) #26641
  • adjust loose assertions (Ruben Bridgewater) #25008
• async_hooks:
  • remove deprecated emitBefore and emitAfter (Matteo Collina) #26530
  • remove promise object from resource (Andreas Madsen) #23443
• bootstrap: make Buffer and process non-enumerable (Ruben Bridgewater) #24874
• buffer:
  • use stricter range checks (Ruben Bridgewater) #27045
  • harden SlowBuffer creation (ZYSzys) #26272
  • harden validation of buffer allocation size (ZYSzys) #26162
  • do proper error propagation in addon methods (Anna Henningsen) #23939
• child_process:
  • remove options.customFds (cjihrig) #25279
  • harden fork arguments validation (ZYSzys) #27039
  • use non-infinite maxBuffer defaults (kohta ito) #23027
• console:
  • don't use ANSI escape codes when TERM=dumb (Vladislav Kaminsky) #26261
• crypto:
  • remove legacy native handles (Tobias Nießen) #27011
  • decode missing passphrase errors (Tobias Nießen) #25208
  • remove Cipher.setAuthTag() and Decipher.getAuthTag() (Tobias Nießen) #26249
  • remove deprecated crypto._toBuf() (Tobias Nießen) #25338
  • set DEFAULT\_ENCODING property to non-enumerable (Antoine du Hamel) #23222
• deps:
  • update V8 to 7.4.288.13 (Michaël Zasso, cjihrig, Refael Ackermann) (Anna Henningsen, Ujjwal Sharma) #26685
  • bump minimum icu version to 63 (Ujjwal Sharma) #25852
  • update OpenSSL to 1.1.1b (Sam Roberts, Shigeki Ohtsu) #26327
• errors:
  • update error name (Ruben Bridgewater) #26738
• fs:
  • use proper .destroy() implementation for SyncWriteStream (Matteo Collina) #26690
  • improve mode validation (Ruben Bridgewater) #26575
  • harden validation of start option in createWriteStream() (ZYSzys) #25579
  • make writeFile consistent with readFile wrt fd (Sakthipriyan Vairamani (thefourtheye)) #23709
• http:
  • validate timeout in ClientRequest() (cjihrig) #26214
  • return HTTP 431 on HPE_HEADER_OVERFLOW error (Albert Still) #25605
  • switch default parser to llhttp (Anna Henningsen) #24870
  • Runtime-deprecate outgoingMessage._headers and outgoingMessage._headerNames (Morgan Roderick) #24167
• lib:
  • remove Atomics.wake() (Gus Caplan) #27033
  • move DTRACE_* probes out of global scope (James M Snell) #26541
  • deprecate _stream_wrap (Sam Roberts) #26245
  • use ES6 class inheritance style (Ruben Bridgewater) #24755
• module:
  • remove unintended access to deps/ (Anna Henningsen) #25138
  • improve error message for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • requireStack property for MODULE_NOT_FOUND (Ali Ijaz Sheikh) #25690
  • remove dead code (Ruben Bridgewater) #26983
  • make require('.') never resolve outside the current directory (Ruben Bridgewater) #26973
  • throw an error for invalid package.json main entries (Ruben Bridgewater) #26823
  • don't search in require.resolve.paths (cjihrig) #23683
• net:
  • remove Server.listenFD() (cjihrig) #27127
  • do not add .host and .port properties to DNS error (Ruben Bridgewater) #26751
  • emit "write after end" errors in the next tick (Ouyang Yadong) #24457
  • deprecate _setSimultaneousAccepts() undocumented function (James M Snell) #23760
• os:
  • implement os.type() using uv_os_uname() (cjihrig) #25659
  • remove os.getNetworkInterfaces() (cjihrig) #25280
• process:
  • make global.process, global.Buffer getters (Guy Bedford) #26882
  • move DEP0062 (node --debug) to end-of-life (Joyee Cheung) #25828
  • exit on --debug and --debug-brk after option parsing (Joyee Cheung) #25828
  • improve --redirect-warnings handling (Ruben Bridgewater) #24965
• readline:
  • support TERM=dumb (Vladislav Kaminsky) #26261
• repl:
  • add welcome message (gengjiawen) #25947
  • fix terminal default setting (Ruben Bridgewater) #26518
  • check colors with .getColorDepth() (Vladislav Kaminsky) #26261
  • deprecate REPLServer.rli (Ruben Bridgewater) #26260
• src:
  • remove unused INT_MAX constant (Sam Roberts) #27078
  • update NODE_MODULE_VERSION to 72 (Ujjwal Sharma) #26685
  • remove AddPromiseHook() (Anna Henningsen) #26574
  • clean up MultiIsolatePlatform interface (Anna Henningsen) #26384
  • properly configure default heap limits (Ali Ijaz Sheikh) #25576
  • remove icuDataDir from node config (GauthamBanasandra) #24780
• tls:
  • support TLSv1.3 (Sam Roberts) #26209
  • return correct version from getCipher() (Sam Roberts) #26625
  • check arg types of renegotiate() (Sam Roberts) #25876
  • add code for ERR_TLS_INVALID_PROTOCOL_METHOD (Sam Roberts) #24729
  • emit a warning when servername is an IP address (Rodger Combs) #23329
  • disable TLS v1.0 and v1.1 by default (Ben Noordhuis) #23814
  • remove unused arg to createSecureContext() (Sam Roberts) #24241
  • deprecate Server.prototype.setOptions() (cjihrig) #23820
  • load NODE_EXTRA_CA_CERTS at startup (Ouyang Yadong) #23354
• util:
  • remove util.print(), util.puts(), util.debug() and util.error() (cjihrig) #25377
  • change inspect compact and breakLength default (Ruben Bridgewater) #27109
  • improve inspect edge cases (Ruben Bridgewater) #27109
  • only the first line of the error message (Simon Zünd) #26685
  • don't set the prototype of callbackified functions (Ruben Bridgewater) #26893
  • rename callbackified function (Ruben Bridgewater) #26893
  • increase function length when using callbackify() (Ruben Bridgewater) #26893
  • prevent tampering with internals in inspect() (Ruben Bridgewater) #26577
  • prevent Proxy traps being triggered by .inspect() (Ruben Bridgewater) #26241
  • prevent leaking internal properties (Ruben Bridgewater) #24971
  • protect against monkeypatched Object prototype for inspect() (Rich Trott) #25953
  • treat format arguments equally (Roman Reiss) #23162
• win, fs:
  • detect if symlink target is a directory (Bartosz Sosnowski) #23724
• zlib:
  • throw TypeError if callback is missing (Anna Henningsen) #24929
  • make “bare” constants un-enumerable (Anna Henningsen) #24824

PR-URL: #26930

This was referenced

Apr 23, 2019

This was referenced

Apr 23, 2019

BridgeAR deleted the improve-buffer-input-checks branch

January 20, 2020 12:01

Labels

author ready

PRs that have at least one approval, no pending requests for changes, and a CI started.

buffer

Issues and PRs related to the buffer subsystem.

errors

Issues and PRs related to JavaScript errors originated in Node.js core.

review wanted

PRs that need reviews.

semver-major

PRs that contain breaking changes and should be released in the next major version.