src: avoid OOB read in URL parser by addaleax · Pull Request #33640 · nodejs/node
This is not a big concern, because right now, all (non-test) inputs to the parser are `'\0'`-terminated, but we should be future-proof here and not perform these OOB reads.
added
the
c++
label
May 29, 2020
BridgeAR
added
the
author ready
label
May 30, 2020jasnell pushed a commit that referenced this pull request
May 30, 2020
This is not a big concern, because right now, all (non-test) inputs to the parser are `'\0'`-terminated, but we should be future-proof here and not perform these OOB reads. PR-URL: #33640 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This was referenced
Jun 3, 2020codebytere pushed a commit that referenced this pull request
Jun 18, 2020
This is not a big concern, because right now, all (non-test) inputs to the parser are `'\0'`-terminated, but we should be future-proof here and not perform these OOB reads. PR-URL: #33640 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
codebytere pushed a commit that referenced this pull request
Jun 30, 2020
This is not a big concern, because right now, all (non-test) inputs to the parser are `'\0'`-terminated, but we should be future-proof here and not perform these OOB reads. PR-URL: #33640 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
codebytere pushed a commit that referenced this pull request
Jul 9, 2020
This is not a big concern, because right now, all (non-test) inputs to the parser are `'\0'`-terminated, but we should be future-proof here and not perform these OOB reads. PR-URL: #33640 Reviewed-By: Sam Roberts <vieuxtech@gmail.com> Reviewed-By: Gus Caplan <me@gus.host> Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com> Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters