diff --git a/test/abort/common.gypi b/test/abort/common.gypi
new file mode 100644
index 00000000000000..19396c61856af3
--- /dev/null
+++ b/test/abort/common.gypi
@@ -0,0 +1,8 @@
+{
+ 'defines': [ 'V8_DEPRECATION_WARNINGS=1', 'NODE_WANT_INTERNALS=1' ],
+ 'conditions': [
+ [ 'OS in "linux freebsd openbsd solaris android aix cloudabi"', {
+ 'cflags': ['-Wno-cast-function-type'],
+ }],
+ ],
+}
diff --git a/test/abort/test_abort-aliased-buffer-overflow/binding.cc b/test/abort/test_abort-aliased-buffer-overflow/binding.cc
new file mode 100644
index 00000000000000..c3bf66061bf0ee
--- /dev/null
+++ b/test/abort/test_abort-aliased-buffer-overflow/binding.cc
@@ -0,0 +1,23 @@
+#include
+#include
+#include
+
+#include
+#include
+
+void AllocateAndResizeBuffer(
+ const v8::FunctionCallbackInfo& args) {
+ v8::Isolate* isolate = args.GetIsolate();
+ int64_t length = args[0].As()->Int64Value();
+
+ node::AliasedBigUint64Array array{isolate, 0};
+
+ array.reserve(length);
+ assert(false);
+ }
+
+void init(v8::Local exports) {
+ NODE_SET_METHOD(exports,
+ "allocateAndResizeBuffer",
+ AllocateAndResizeBuffer);
+}
diff --git a/test/abort/test_abort-aliased-buffer-overflow/binding.gyp b/test/abort/test_abort-aliased-buffer-overflow/binding.gyp
new file mode 100644
index 00000000000000..55fbe7050f18e4
--- /dev/null
+++ b/test/abort/test_abort-aliased-buffer-overflow/binding.gyp
@@ -0,0 +1,9 @@
+{
+ 'targets': [
+ {
+ 'target_name': 'binding',
+ 'sources': [ 'binding.cc' ],
+ 'includes': ['../common.gypi'],
+ }
+ ]
+}
diff --git a/test/abort/test_abort-aliased-buffer-overflow/test-abort-aliased-buffer-overflow.js b/test/abort/test_abort-aliased-buffer-overflow/test-abort-aliased-buffer-overflow.js
new file mode 100644
index 00000000000000..33cd21295848b9
--- /dev/null
+++ b/test/abort/test_abort-aliased-buffer-overflow/test-abort-aliased-buffer-overflow.js
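Review bot: In binding.cc, the `assert(false);` after `array.reserve(length);` means the process aborts with SIGABRT whether or not `reserve()` rejects the oversized length, so the parent's SIGABRT expectation cannot distinguish a working overflow check from a missing one. Dropping that line lets a non-aborting `reserve()` return to JS, where the test's `assert.fail('this should be unreachable')` produces an ordinary failure exit that the observer rejects. Also, `Int64Value()` yields a signed value, so an input above INT64_MAX reaches `reserve()` only through wraparound; if the argument is meant to be a BigInt (the `As<>` target is not visible in this rendering), `Uint64Value()` would pass the intended magnitude directly.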
@@ -0,0 +1,28 @@
+'use strict';
+const common = require('../common');
+const assert = require('assert');
+const cp = require('child_process');
+
+// This test ensures that during resizing of an Aliased*Array the computation
+// of the new size does not overflow.
+
+if (process.argv[2] === 'child') {
+ // test
+ const binding = require(`./build/${common.buildType}/binding`);
+
+ const bigValue = BigInt('0xE000 0000 E000 0000');
+ binding.AllocateAndResizeBuffer(bigValue);
+ assert.fail('this should be unreachable');
+} else {
+ // observer
+ const child = cp.spawn(`${process.execPath}`, [`${__filename}`, 'child']);
+ child.on('exit', common.mustCall(function(code, signal) {
+ if (common.isWindows) {
+ assert.strictEqual(code, 134);
+ assert.strictEqual(signal, null);
+ } else {
+ assert.strictEqual(code, null);
+ assert.strictEqual(signal, 'SIGABRT');
+ }
+ }));
+}
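Review bot: The child branch cannot reach the native `reserve()` call as written: `BigInt('0xE000 0000 E000 0000')` throws a SyntaxError because of the spaces inside the string, and `binding.AllocateAndResizeBuffer` does not match the `allocateAndResizeBuffer` name registered by `NODE_SET_METHOD` in binding.cc. Both make the child exit with an ordinary error rather than an abort, so the overflow check is never exercised; `const bigValue = BigInt('0xE0000000E0000000');` and `binding.allocateAndResizeBuffer(bigValue);` would fix that. `require('../common')` resolves under test/abort, where this commit adds only common.gypi; if the shared test helpers live one directory higher, the path should be `'../../common'`.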