mirror of
https://github.com/nodejs/node.git
synced 2025-08-15 13:48:44 +02:00
aad9030f5e
Refs: https://hackerone.com/reports/3184178 Calling uv_fs_stat() without first calling uv_fs_req_cleanup() overwrites the pointer to the previously allocated buffer leading to a memory leak on windows PR-URL: https://github.com/nodejs/node/pull/58915 Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com> Reviewed-By: Anna Henningsen <anna@addaleax.net> Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl> Reviewed-By: Stefan Stojanovic <stefan.stojanovic@janeasystems.com>
47 lines
1.3 KiB
JavaScript
47 lines
1.3 KiB
JavaScript
// Flags: --expose-gc --expose-internals
|
|
'use strict';
|
|
|
|
const common = require('../common');
|
|
const { checkIfCollectableByCounting } = require('../common/gc');
|
|
const assert = require('assert');
|
|
const fs = require('node:fs');
|
|
const path = require('node:path');
|
|
const tmpdir = require('../common/tmpdir');
|
|
const { internalBinding } = require('internal/test/binding');
|
|
const { FSReqCallback } = internalBinding('fs');
|
|
|
|
// The CVE primarily affects Windows but we should test on all platforms
|
|
|
|
{
|
|
tmpdir.refresh();
|
|
}
|
|
|
|
{
|
|
const longFileNamePart = 'a'.repeat(200);
|
|
const fileName = tmpdir.resolve(`long-file-name-${longFileNamePart}-for-memory-leak-test.txt`);
|
|
fs.writeFileSync(fileName, 'test content', 'utf8');
|
|
const fullPath = path.resolve(fileName);
|
|
|
|
assert(fs.existsSync(fullPath), 'Test file should exist');
|
|
|
|
async function runTest() {
|
|
try {
|
|
await checkIfCollectableByCounting(
|
|
() => {
|
|
for (let i = 0; i < 10; i++) {
|
|
fs.existsSync(fullPath);
|
|
}
|
|
return 10;
|
|
},
|
|
FSReqCallback,
|
|
10
|
|
);
|
|
} catch (err) {
|
|
assert.ifError(err, 'Memory leak detected: FSReqCallback objects were not collected');
|
|
} finally {
|
|
tmpdir.refresh();
|
|
}
|
|
}
|
|
|
|
runTest().then(common.mustCall());
|
|
}
|