Skip to content

src: handle null backing store in ArrayBufferViewContents::Read#62343

Open
mertcanaltin wants to merge 1 commit intonodejs:mainfrom
mertcanaltin:mert/fix/ccm-zero-length-dataview
Open

src: handle null backing store in ArrayBufferViewContents::Read#62343
mertcanaltin wants to merge 1 commit intonodejs:mainfrom
mertcanaltin:mert/fix/ccm-zero-length-dataview

Conversation

@mertcanaltin
Copy link
Member

@mertcanaltin mertcanaltin commented Mar 19, 2026

added fallback stack_storage for null scenario

for:#62342

@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. labels Mar 19, 2026
@mertcanaltin mertcanaltin mentioned this pull request Mar 19, 2026
Open
@mertcanaltin mertcanaltin force-pushed the mert/fix/ccm-zero-length-dataview branch from 664507a to 88f8f03 Compare March 19, 2026 20:58
@codecov
Copy link

codecov bot commented Mar 19, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 75.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 89.69%. Comparing base (0998c37) to head (8104939).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/util-inl.h 75.00% 0 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #62343      +/-   ##
==========================================
- Coverage   91.60%   89.69%   -1.91%     
==========================================
  Files         337      676     +339     
  Lines      140741   206696   +65955     
  Branches    21797    39573   +17776     
==========================================
+ Hits       128923   185397   +56474     
- Misses      11594    13443    +1849     
- Partials      224     7856    +7632
Files with missing lines Coverage Δ
src/util-inl.h 82.69% <75.00%> (ø)

... and 458 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

panva
panva reviewed Mar 20, 2026
View reviewed changes
Copy link
Member

@panva panva left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With ArrayBufferViewContents being used broadly throughout node's codebase I wonder if we can be sure this is entirely without side effects. I cannot assess that.

That being said, it does fix the particular node:crypto issue reported.

@mertcanaltin
Copy link
Member Author

mertcanaltin commented Mar 20, 2026
edited
Loading

With ArrayBufferViewContents being used broadly throughout node's codebase I wonder if we can be sure this is entirely without side effects. I cannot assess that.

That being said, it does fix the particular node:crypto issue reported.

I went through all 19 files that use ArrayBufferViewContents, every usage passes data() alongside length(), and none dereferences the pointer when length is 0. Currently data_ can already be null in this scenario, this fix just ensures it's a valid pointer instead, so it's strictly safer than the current behavior.

@panva
Copy link
Member

panva commented Mar 20, 2026

I went through all 19 files that use ArrayBufferViewContents, every usage passes data() alongside length(), and none dereferences the pointer when length is 0. Currently data_ can already be null in this scenario, this fix just ensures it's a valid pointer instead, so it's strictly safer than the current behavior.

Very well, can you update the commit message to src: handle null backing store in ArrayBufferViewContents::Read?

@mertcanaltin mertcanaltin force-pushed the mert/fix/ccm-zero-length-dataview branch from 88f8f03 to 8104939 Compare March 20, 2026 10:11
@mertcanaltin
Copy link
Member Author

mertcanaltin commented Mar 20, 2026

I went through all 19 files that use ArrayBufferViewContents, every usage passes data() alongside length(), and none dereferences the pointer when length is 0. Currently data_ can already be null in this scenario, this fix just ensures it's a valid pointer instead, so it's strictly safer than the current behavior.

Very well, can you update the commit message to src: handle null backing store in ArrayBufferViewContents::Read?

sure, edited thanks

@panva panva changed the title src: ccm cipher update with zero-length dataView src: handle null backing store in ArrayBufferViewContents::Read Mar 20, 2026
@panva panva added author ready PRs that have at least one approval, no pending requests for changes, and a CI started. request-ci Add this label to start a Jenkins CI on a PR. labels Mar 20, 2026
Renegade334
Renegade334 approved these changes Mar 20, 2026
View reviewed changes
src/util-inl.h
Comment on lines +594 to +597
auto buf = abv->Buffer();
data_ = buf->Data() != nullptr
? static_cast<T*>(buf->Data()) + abv->ByteOffset()
: stack_storage_;
Copy link
Member

@Renegade334 Renegade334 Mar 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit:

Suggested change
auto buf = abv->Buffer();
data_ = buf->Data() != nullptr
? static_cast<T*>(buf->Data()) + abv->ByteOffset()
: stack_storage_;
auto buf_data = abv->Buffer()->Data();
data_ = buf_data != nullptr
? static_cast<T*>(buf_data) + abv->ByteOffset()
: stack_storage_;

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@panva panva panva approved these changes

@addaleax addaleax addaleax approved these changes

@Renegade334 Renegade334 Renegade334 approved these changes

Assignees

No one assigned

Labels

author ready PRs that have at least one approval, no pending requests for changes, and a CI started. c++ Issues and PRs that require attention from people who are familiar with C++. needs-ci PRs that need a full CI run. request-ci Add this label to start a Jenkins CI on a PR.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mertcanaltin @panva @addaleax @Renegade334 @nodejs-github-bot