Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

zlib: warn before crash on invalid internals usage #16657

Closed
wants to merge 3 commits into from

Conversation

addaleax
Copy link
Member

I realize this is a pretty unusual patch but it might make sense to do this given that a lot of people running into #16649 might not understand what is happening or how to fix it.

Refs: #16649
Refs: #14161

Checklist
  • make -j4 test (UNIX), or vcbuild test (Windows) passes
  • tests and/or benchmarks are included
  • commit message follows commit guidelines
Affected core subsystem(s)

zlib

@addaleax addaleax added npm Issues and PRs related to the npm client dependency or the npm registry. zlib Issues and PRs related to the zlib subsystem. labels Oct 31, 2017
@addaleax addaleax requested a review from a team October 31, 2017 23:50
@nodejs-github-bot nodejs-github-bot added c++ Issues and PRs that require attention from people who are familiar with C++. zlib Issues and PRs related to the zlib subsystem. labels Oct 31, 2017
Copy link
Contributor

@evanlucas evanlucas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is a good idea and it doesn’t really cost us anything

Copy link
Contributor

@MylesBorins MylesBorins left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A++

We should likely bundle this with the openssl patch.

Should we remove it after npm releases their next release?

@refack
Copy link
Contributor

refack commented Nov 1, 2017

Should we remove it after npm releases their next release?

I think it should stay, since the combination of [email protected] and 5.4.0 < npm < 5.5.1 might exist in the wild for a while...

@addaleax
Copy link
Member Author

addaleax commented Nov 1, 2017

@MylesBorins I have no idea when we should remove it, but no, there’s no rush – this won’t show up if you’re using a broken version.

src/node_zlib.cc Outdated
if (args.Length() == 5) {
fprintf(stderr,
"WARNING: You are likely using a version of node-tar or npm that "
"uses the internals of Node.js in an invalid way.\nPlease use "
Copy link
Member

@Trott Trott Nov 1, 2017

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Micro-nit (totally not blocking): s/uses the internals of Node.js in an invalid way/is incompatible with this version of Node.js/

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think I prefer the current wording because it gives more of a hint on why the error is occurring. That the versions are incompatible kind of follows from the rest of the message, right?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess I'm trying to avoid "uses the internals of Node.js in an invalid way" as it seems likely to be seen as throwing a bit of shade at npm. But I may be overthinking it.

Beyond that, my thinking was that the user needs to know the versions are incompatible, and why (or whose responsible for the situation) are secondary.

All that said, I'm fine with the current wording.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Trott yup, updated!

src/node_zlib.cc Outdated
"uses the internals of Node.js in an invalid way.\nPlease use "
"either the version of npm that is bundled with Node.js, or "
"a version of npm (> 5.5.1 or < 5.4.0) or node-tar (> 4.0.1) "
"that is compatible with Node 9 and above.\n");
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nit: s/Node 9/Node.js 9/

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yup, done!

Copy link
Member

@Trott Trott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My nits are not objections, just comments. Feel free ot ignore if you disagree with them or whatever.

@Trott
Copy link
Member

Trott commented Nov 1, 2017

Is this intended to be more-or-less permanent or something that gets removed in the foreseeable future? No objections either way. Just trying to be reasonably informed.

@addaleax
Copy link
Member Author

addaleax commented Nov 1, 2017

@Trott I would expect this to be removed at some point, but that can probably be just about whenever.

Copy link
Member

@bnoordhuis bnoordhuis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM but for my understanding, this is because tar/minizlib calls process.binding('zlib')? It's graceful-fs all over!

I looked at minizlib/index.js and I can't for the life of me figure out why it does that. It should be able to get along just fine through the public API.

@addaleax
Copy link
Member Author

addaleax commented Nov 3, 2017

LGTM but for my understanding, this is because tar/minizlib calls process.binding('zlib')? It's graceful-fs all over!

Yup. The reason is that they’re trying to avoid the overhead that comes with the streams API, which is reasonable but really something we should be providing from core.

@addaleax
Copy link
Member Author

addaleax commented Nov 3, 2017

CI: https://ci.nodejs.org/job/node-test-commit/13692/

This should be ready.

@addaleax
Copy link
Member Author

addaleax commented Nov 6, 2017

Landed in 0300565

@addaleax addaleax closed this Nov 6, 2017
@addaleax addaleax deleted the zlib-warn-crash branch November 6, 2017 17:55
addaleax added a commit that referenced this pull request Nov 6, 2017
PR-URL: #16657
Refs: #16649
Refs: #14161
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
MylesBorins pushed a commit that referenced this pull request Nov 6, 2017
PR-URL: #16657
Refs: #16649
Refs: #14161
Reviewed-By: Evan Lucas <[email protected]>
Reviewed-By: Refael Ackermann <[email protected]>
Reviewed-By: Myles Borins <[email protected]>
Reviewed-By: Tobias Nießen <[email protected]>
Reviewed-By: Daijiro Wachi <[email protected]>
Reviewed-By: Joyee Cheung <[email protected]>
Reviewed-By: Ben Noordhuis <[email protected]>
Reviewed-By: Anna Henningsen <[email protected]>
@MylesBorins
Copy link
Contributor

I've landed this on 9.x-staging to ensure it comes in the next release.

@MylesBorins
Copy link
Contributor

@addaleax I've added dont-land-on labels for v6.x and v8.x as they are unaffected by the zlib refactor. please lmk if I am mistaken

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
c++ Issues and PRs that require attention from people who are familiar with C++. npm Issues and PRs related to the npm client dependency or the npm registry. zlib Issues and PRs related to the zlib subsystem.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

10 participants