src: fix potential segmentation fault in SQLite by tniessen · Pull Request #53850 · nodejs/node

@tniessen

The Local<Value> returned from ColumnToValue() and ColumnNameToValue()
may be empty (if a JavaScript exception is pending), in which case a
segmentation fault may occur at the call sites, which do not check if
the Local<Value> is empty. Fix this bug by returning early if an exception
is pending (as indicated by the Local being empty).

In the long term, these functions should return MaybeLocal instead of
Local, but this patch is supposed to be a minimal bug fix only.
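
The pattern described above, as an added example that is not code from this PR or from the Node.js source: `Local` and `MaybeLocal` here are simplified stand-ins for the V8 handle types, and `Column`, `throws`, `ColumnToValueModel`, `CollectRow` and `CollectRowMaybe` are hypothetical names. It shows the early return on an empty handle next to the `MaybeLocal` shape, which makes the check part of the API.

```cpp
#include <string>
#include <vector>

// Simplified stand-ins for v8::Local / v8::MaybeLocal (a model, not V8 itself).
struct Value { std::string repr; };
class Local {
 public:
  Local() = default;  // empty handle: nothing behind it
  explicit Local(const Value* v) : ptr_(v) {}
  bool IsEmpty() const { return ptr_ == nullptr; }
  const Value* operator->() const { return ptr_; }  // UB if the handle is empty
 private:
  const Value* ptr_ = nullptr;
};
class MaybeLocal {
 public:
  MaybeLocal(Local l) : local_(l) {}
  // The handle is only reachable through a call whose result must be inspected.
  [[nodiscard]] bool ToLocal(Local* out) const { *out = local_; return !local_.IsEmpty(); }
 private:
  Local local_;
};

// Constructed sample input: `throws` simulates a pending exception (hypothetical trigger).
struct Column { Value value; bool throws; };
// Hypothetical model of a converter that signals failure with an empty Local.
Local ColumnToValueModel(const Column& c) { return c.throws ? Local() : Local(&c.value); }

// Minimal fix: return early when the handle is empty.
bool CollectRow(const std::vector<Column>& cols, std::vector<std::string>* out) {
  for (const Column& c : cols) {
    Local v = ColumnToValueModel(c);
    if (v.IsEmpty()) return false;  // without this, v->repr dereferences null
    out->push_back(v->repr);
  }
  return true;
}
// Long-term shape: a MaybeLocal return type forces the caller through ToLocal().
bool CollectRowMaybe(const std::vector<Column>& cols, std::vector<std::string>* out) {
  for (const Column& c : cols) {
    Local v;
    if (!MaybeLocal(ColumnToValueModel(c)).ToLocal(&v)) return false;
    out->push_back(v->repr);
  }
  return true;
}
// Exit status 0 means the early return fired on a column whose conversion failed.
int main() { std::vector<std::string> out; return CollectRow({{Value{"1"}, true}}, &out) ? 1 : 0; }
```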

@tniessen added the sqlite label (Issues and PRs related to the SQLite subsystem.) on Jul 14, 2024

@nodejs-github-bot added the c++ (Issues and PRs that require attention from people who are familiar with C++.) and needs-ci (PRs that need a full CI run.) labels on Jul 14, 2024

@tniessen added the author ready label (PRs that have at least one approval, no pending requests for changes, and a CI started.) on Jul 14, 2024

jasnell

ehsankhfr pushed a commit to ehsankhfr/node that referenced this pull request

Jul 18, 2024

PR-URL: nodejs#53850
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

targos pushed a commit that referenced this pull request

Jul 28, 2024

PR-URL: #53850
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Yagiz Nizipli <yagiz@nizipli.com>

@targos added the dont-land-on-v20.x label (PRs that should not land on the v20.x-staging branch and should not be released in v20.x.) on Sep 21, 2024