gre-ilya/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge 0be2a8f9c8 into ec0ab5d77d

Browse Source
This commit is contained in:
locus-x64 2026-03-13 16:16:25 +05:00 committed by GitHub
commit 662ab02eed
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 37 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/unix/process.c
View File

@ -993,6 +993,10 @@ int uv_spawn(uv_loop_t* loop,
process->status = 0; process->status = 0;
stdio_count = options->stdio_count; stdio_count = options->stdio_count;
if (stdio_count < 0 || (size_t) stdio_count > SIZE_MAX / sizeof(*pipes)) {
err = UV_EINVAL;
goto error;
}
if (stdio_count < 3) if (stdio_count < 3)
stdio_count = 3; stdio_count = 3;

5
src/win/process-stdio.c
View File

@ -175,8 +175,9 @@ int uv__stdio_create(uv_loop_t* loop,
count = options->stdio_count; count = options->stdio_count;
if (count < 0 || count > 255) { if (count < 0 ||
/* Only support FDs 0-255 */ (size_t) count > (SIZE_MAX - sizeof(int)) /
(sizeof(unsigned char) + sizeof(uintptr_t))) {
return ERROR_NOT_SUPPORTED; return ERROR_NOT_SUPPORTED;
} else if (count < 3) { } else if (count < 3) {
/* There should always be at least 3 stdio handles. */ /* There should always be at least 3 stdio handles. */

35
src/win/process.c
View File

@ -186,8 +186,15 @@ static WCHAR* search_path_join_test(const WCHAR* dir,
} }
/* Allocate buffer for output */ /* Allocate buffer for output */
result = result_pos = (WCHAR*)uv__malloc(sizeof(WCHAR) * {
(cwd_len + 1 + dir_len + 1 + name_len + 1 + ext_len + 1)); size_t alloc_len = cwd_len + 1 + dir_len + 1 + name_len + 1 + ext_len + 1;
if (alloc_len > SIZE_MAX / sizeof(WCHAR) ||
alloc_len < cwd_len /* overflow in the addition */) {
SetLastError(ERROR_OUTOFMEMORY);
return NULL;
}
result = result_pos = (WCHAR*)uv__malloc(sizeof(WCHAR) * alloc_len);
}
/* Copy cwd */ /* Copy cwd */
wcsncpy(result_pos, cwd, cwd_len); wcsncpy(result_pos, cwd, cwd_len);
@ -546,6 +553,10 @@ int make_program_args(char** args, int verbatim_arguments, WCHAR** dst_ptr) {
/* Adjust for potential quotes. Also assume the worst-case scenario that /* Adjust for potential quotes. Also assume the worst-case scenario that
* every character needs escaping, so we need twice as much space. */ * every character needs escaping, so we need twice as much space. */
if (dst_len > (SIZE_MAX / sizeof(WCHAR) - arg_count * 2) / 2) {
err = UV_EINVAL;
goto error;
}
dst_len = dst_len * 2 + arg_count * 2; dst_len = dst_len * 2 + arg_count * 2;
/* Allocate buffer for the final command line. */ /* Allocate buffer for the final command line. */
@ -671,6 +682,8 @@ int make_program_env(char* env_block[], WCHAR** dst_ptr) {
/* second pass: copy to UTF-16 environment block */ /* second pass: copy to UTF-16 environment block */
len = env_block_count * sizeof(WCHAR*); len = env_block_count * sizeof(WCHAR*);
if (env_len > (SIZE_MAX - len) / sizeof(WCHAR))
return UV_EINVAL;
p = uv__malloc(len + env_len * sizeof(WCHAR)); p = uv__malloc(len + env_len * sizeof(WCHAR));
if (p == NULL) { if (p == NULL) {
return UV_ENOMEM; return UV_ENOMEM;
@ -724,6 +737,10 @@ int make_program_env(char* env_block[], WCHAR** dst_ptr) {
} }
/* final pass: copy, in sort order, and inserting required variables */ /* final pass: copy, in sort order, and inserting required variables */
if (env_len > SIZE_MAX / sizeof(WCHAR) - 1) {
uv__free(p);
return UV_EINVAL;
}
dst = uv__malloc((1+env_len) * sizeof(WCHAR)); dst = uv__malloc((1+env_len) * sizeof(WCHAR));
if (!dst) { if (!dst) {
uv__free(p); uv__free(p);
@ -747,13 +764,21 @@ int make_program_env(char* env_block[], WCHAR** dst_ptr) {
/* missing required var */ /* missing required var */
len = required_vars_value_len[i]; len = required_vars_value_len[i];
if (len) { if (len) {
size_t remaining;
wcscpy(ptr, required_vars[i].wide_eq); wcscpy(ptr, required_vars[i].wide_eq);
ptr += required_vars[i].len; ptr += required_vars[i].len;
remaining = env_len - (ptr - dst);
if (remaining > (size_t) INT_MAX)
remaining = (size_t) INT_MAX;
var_size = GetEnvironmentVariableW(required_vars[i].wide, var_size = GetEnvironmentVariableW(required_vars[i].wide,
ptr, ptr,
(int) (env_len - (ptr - dst))); (int) remaining);
if (var_size != (DWORD) (len - 1)) { /* TODO: handle race condition? */ if (var_size == 0 || var_size >= remaining) {
uv_fatal_error(GetLastError(), "GetEnvironmentVariableW"); /* Env var was deleted or grew since we measured it; skip it. */
ptr -= required_vars[i].len;
len = 0;
} else {
len = var_size + 1;
} }
} }
i++; i++;