koffi 2.2.2 → 2.2.3-beta.2

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "koffi",
-    "version": "2.2.2",
+    "version": "2.2.3-beta.2",
     "stable": "2.2.2",
     "description": "Fast and simple C FFI (foreign function interface) for Node.js",
     "keywords": [

package/src/koffi/src/abi_x64_win.cc

@@ -40,6 +40,10 @@ extern "C" napi_value CallSwitchStack(Napi::Function *func, size_t argc, napi_va
 
 #include "abi_trampolines.inc"
 
+#define TEB_STACK_BASE(TEB) (*(void **)((uint8_t *)(TEB) + 0x08))
+#define TEB_STACK_LIMIT(TEB) (*(void **)((uint8_t *)(TEB) + 0x10))
+#define TEB_DEALLOCATION_STACK(TEB) (*(void **)((uint8_t *)(TEB) + 0x1478))
+
 bool AnalyseFunction(Napi::Env, InstanceData *, FunctionInfo *func)
 {
     func->ret.regular = IsRegularSize(func->ret.type->size, 8);
@@ -216,6 +220,22 @@ bool CallData::Prepare(const FunctionInfo *func, const Napi::CallbackInfo &info)
 
 void CallData::Execute(const FunctionInfo *func)
 {
+    void *teb = (void *)__readgsqword(0x30);
+
+    // Store current stack limits
+    RG_DEFER_C(base = TEB_STACK_BASE(teb),
+               limit = TEB_STACK_LIMIT(teb),
+               dealloc = TEB_DEALLOCATION_STACK(teb)) {
+        TEB_STACK_BASE(teb) = base;
+        TEB_STACK_LIMIT(teb) = limit;
+        TEB_DEALLOCATION_STACK(teb) = dealloc;
+    };
+
+    // Adjust stack limits so SEH works correctly
+    TEB_STACK_BASE(teb) = mem->stack0.end();
+    TEB_STACK_LIMIT(teb) = mem->stack0.ptr;
+    TEB_DEALLOCATION_STACK(teb) = mem->stack0.ptr;
+
 #define PERFORM_CALL(Suffix) \
         ([&]() { \
             auto ret = (func->forward_fp ? ForwardCallX ## Suffix(func->func, new_sp, &old_sp) \
@@ -317,6 +337,21 @@ void CallData::Relay(Size idx, uint8_t *own_sp, uint8_t *caller_sp, bool async,
     if (RG_UNLIKELY(env.IsExceptionPending()))
         return;
 
+    void *teb = (void *)__readgsqword(0x30);
+
+    RG_DEFER_C(base = TEB_STACK_BASE(teb),
+               limit = TEB_STACK_LIMIT(teb),
+               dealloc = TEB_DEALLOCATION_STACK(teb)) {
+        TEB_STACK_BASE(teb) = base;
+        TEB_STACK_LIMIT(teb) = limit;
+        TEB_DEALLOCATION_STACK(teb) = dealloc;
+    };
+
+    // Restore real thread stack limits
+    TEB_STACK_BASE(teb) = instance->main_stack_max;
+    TEB_STACK_LIMIT(teb) = instance->main_stack_min;
+    TEB_DEALLOCATION_STACK(teb) = instance->main_stack_min;
+
     const TrampolineInfo &trampoline = shared.trampolines[idx];
 
     const FunctionInfo *proto = trampoline.proto;

package/src/koffi/src/abi_x86.cc

@@ -46,6 +46,12 @@ extern "C" napi_value CallSwitchStack(Napi::Function *func, size_t argc, napi_va
 
 #include "abi_trampolines.inc"
 
+#ifdef _WIN32
+    #define TEB_STACK_BASE(TEB) (*(void **)((uint8_t *)(TEB) + 0x04))
+    #define TEB_STACK_LIMIT(TEB) (*(void **)((uint8_t *)(TEB) + 0x08))
+    #define TEB_DEALLOCATION_STACK(TEB) (*(void **)((uint8_t *)(TEB) + 0xE0C))
+#endif
+
 bool AnalyseFunction(Napi::Env env, InstanceData *instance, FunctionInfo *func)
 {
     if (!func->lib && func->convention != CallConvention::Cdecl &&
@@ -297,6 +303,24 @@ bool CallData::Prepare(const FunctionInfo *func, const Napi::CallbackInfo &info)
 
 void CallData::Execute(const FunctionInfo *func)
 {
+#ifdef _WIN32
+    void *teb = (void *)__readfsdword(0x18);
+
+    // Store current stack limits
+    RG_DEFER_C(base = TEB_STACK_BASE(teb),
+               limit = TEB_STACK_LIMIT(teb),
+               dealloc = TEB_DEALLOCATION_STACK(teb)) {
+        TEB_STACK_BASE(teb) = base;
+        TEB_STACK_LIMIT(teb) = limit;
+        TEB_DEALLOCATION_STACK(teb) = dealloc;
+    };
+
+    // Adjust stack limits so SEH works correctly
+    TEB_STACK_BASE(teb) = mem->stack0.end();
+    TEB_STACK_LIMIT(teb) = mem->stack0.ptr;
+    TEB_DEALLOCATION_STACK(teb) = mem->stack0.ptr;
+#endif
+
 #define PERFORM_CALL(Suffix) \
         ([&]() { \
             auto ret = (func->fast ? ForwardCallR ## Suffix(func->func, new_sp, &old_sp) \
@@ -394,11 +418,28 @@ Napi::Value CallData::Complete(const FunctionInfo *func)
     RG_UNREACHABLE();
 }
 
-void CallData::Relay(Size idx, uint8_t *own_sp, uint8_t *caller_sp, bool async, BackRegisters *out_reg)
+void CallData::Relay(Size idx, uint8_t *, uint8_t *caller_sp, bool async, BackRegisters *out_reg)
 {
     if (RG_UNLIKELY(env.IsExceptionPending()))
         return;
 
+#ifdef _WIN32
+    void *teb = (void *)__readfsdword(0x18);
+
+    RG_DEFER_C(base = TEB_STACK_BASE(teb),
+               limit = TEB_STACK_LIMIT(teb),
+               dealloc = TEB_DEALLOCATION_STACK(teb)) {
+        TEB_STACK_BASE(teb) = base;
+        TEB_STACK_LIMIT(teb) = limit;
+        TEB_DEALLOCATION_STACK(teb) = dealloc;
+    };
+
+    // Restore real thread stack limits
+    TEB_STACK_BASE(teb) = instance->main_stack_max;
+    TEB_STACK_LIMIT(teb) = instance->main_stack_min;
+    TEB_DEALLOCATION_STACK(teb) = instance->main_stack_min;
+#endif
+
     const TrampolineInfo &trampoline = shared.trampolines[idx];
 
     const FunctionInfo *proto = trampoline.proto;

package/src/koffi/src/ffi.cc

@@ -1014,13 +1014,66 @@ static InstanceMemory *AllocateMemory(InstanceData *instance, Size stack_size, S
         return nullptr;
 
     InstanceMemory *mem = new InstanceMemory();
+    RG_DEFER_N(mem_guard) { delete mem; };
 
-    mem->stack.len = stack_size;
 #if defined(_WIN32)
-    mem->stack.ptr = (uint8_t *)VirtualAlloc(nullptr, mem->stack.len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
+    {
+        struct FiberContext {
+            InstanceMemory *mem;
+            void *self;
+            bool was_fiber;
+        };
+
+        FiberContext ctx;
+        bool is_fiber = IsThreadAFiber();
+
+        ctx.mem = mem;
+        ctx.self = is_fiber ? GetCurrentFiber() : ConvertThreadToFiber(nullptr);
+        if (!ctx.self) {
+            LogError("Failed to make initial fiber: %1", GetWin32ErrorString());
+            return nullptr;
+        }
+        RG_DEFER {
+            if (!is_fiber) {
+                ConvertFiberToThread();
+            }
+        };
+
+        // Work around issue with CreateFiber() API and stack size
+        // See here: https://github.com/google/marl/issues/12
+        mem->fiber = CreateFiberEx(stack_size - 1, stack_size,
+                                   FIBER_FLAG_FLOAT_SWITCH, [](void *udata) {
+            FiberContext *ctx = (FiberContext *)udata;
+
+            // Handle initial call just below
+#if defined(__aarch64__) || defined(_M_ARM64)
+            NT_TIB *tib = (NT_TIB *)__getReg(18);
+#elif defined(__x86_64__) || defined(_M_AMD64)
+            NT_TIB *tib = (NT_TIB *)__readgsqword(0x30);
+#else
+            NT_TIB *tib = (NT_TIB *)__readfsdword(0x18);
+#endif
+
+            ctx->mem->stack.ptr = (uint8_t *)tib->StackLimit;
+            ctx->mem->stack.len = (uint8_t *)tib->StackBase - ctx->mem->stack.ptr;
+
+            SwitchToFiber(ctx->self);
+        }, &ctx);
+
+        if (!mem->fiber) {
+            LogError("Failed to create Win32 fiber: %1", GetWin32ErrorString());
+            return nullptr;
+        }
+
+        SwitchToFiber(mem->fiber);
+    }
+
+    RG_ASSERT(mem->stack.ptr);
 #elif defined(__APPLE__)
+    mem->stack.len = stack_size;
     mem->stack.ptr = (uint8_t *)mmap(nullptr, mem->stack.len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON, -1, 0);
 #else
+    mem->stack.len = stack_size;
     mem->stack.ptr = (uint8_t *)mmap(nullptr, mem->stack.len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANON | MAP_STACK, -1, 0);
 #endif
     RG_CRITICAL(mem->stack.ptr, "Failed to allocate %1 of memory", mem->stack.len);
@@ -1030,6 +1083,9 @@ static InstanceMemory *AllocateMemory(InstanceData *instance, Size stack_size, S
     mem->stack.len -= 16;
 #endif
 
+    // Keep real stack limits intact, in case we need them
+    mem->stack0 = mem->stack;
+
     mem->heap.len = heap_size;
 #ifdef _WIN32
     mem->heap.ptr = (uint8_t *)VirtualAlloc(nullptr, mem->heap.len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
@@ -1048,6 +1104,7 @@ static InstanceMemory *AllocateMemory(InstanceData *instance, Size stack_size, S
         mem->temporary = true;
     }
 
+    mem_guard.Disable();
     return mem;
 }
 
@@ -1688,8 +1745,8 @@ void FunctionInfo::Unref() const
 InstanceMemory::~InstanceMemory()
 {
 #ifdef _WIN32
-    if (stack.ptr) {
-        VirtualFree(stack.ptr, 0, MEM_RELEASE);
+    if (fiber) {
+        DeleteFiber(fiber);
     }
     if (heap.ptr) {
         VirtualFree(heap.ptr, 0, MEM_RELEASE);
@@ -1929,6 +1986,18 @@ static InstanceData *CreateInstance(Napi::Env env)
     }
     napi_unref_threadsafe_function(env, instance->broker);
 
+#if defined(_WIN32) && (defined(__x86_64__) || defined(_M_AMD64))
+    void *teb = (void *)__readgsqword(0x30);
+
+    instance->main_stack_max = *(void **)((uint8_t *)teb + 0x08); // StackBase
+    instance->main_stack_min = *(void **)((uint8_t *)teb + 0x1478); // DeallocationStack
+#elif defined(_WIN32) && (defined(__i386__) || defined(_M_IX86))
+    void *teb = (void *)__readfsdword(0x18);
+
+    instance->main_stack_max = *(void **)((uint8_t *)teb + 0x04); // StackBase
+    instance->main_stack_min = *(void **)((uint8_t *)teb + 0xE0C); // DeallocationStack
+#endif
+
     err_guard.Disable();
     return instance;
 }

package/src/koffi/src/ffi.hh

@@ -225,12 +225,17 @@ struct InstanceMemory {
     ~InstanceMemory();
 
     Span<uint8_t> stack;
+    Span<uint8_t> stack0;
     Span<uint8_t> heap;
 
     uint16_t generation; // Can wrap without risk
 
     int16_t depth;
     bool temporary;
+
+#ifdef _WIN32
+    void *fiber;
+#endif
 };
 
 struct InstanceData {
@@ -254,6 +259,11 @@ struct InstanceData {
     std::thread::id main_thread_id;
     napi_threadsafe_function broker = nullptr;
 
+#ifdef _WIN32
+    void *main_stack_max;
+    void *main_stack_min;
+#endif
+
     HashMap<void *, int16_t> trampolines_map;
 
     BlockAllocator str_alloc;

package/vendor/miniz/ChangeLog.md

@@ -1,5 +1,9 @@
 ## Changelog
 
+### 3.0.2
+
+ - Fix buffer overrun in mz_utf8z_to_widechar on Windows
+
 ### 3.0.1
 
  - Fix compilation error with MINIZ_USE_UNALIGNED_LOADS_AND_STORES=1

package/vendor/miniz/miniz.c

@@ -3068,7 +3068,7 @@ static WCHAR* mz_utf8z_to_widechar(const char* str)
 {
   int reqChars = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
   WCHAR* wStr = (WCHAR*)malloc(reqChars * sizeof(WCHAR));
-  MultiByteToWideChar(CP_UTF8, 0, str, -1, wStr, sizeof(WCHAR) * reqChars);
+  MultiByteToWideChar(CP_UTF8, 0, str, -1, wStr, reqChars);
   return wStr;
 }
 

package/vendor/miniz/miniz.h

@@ -275,10 +275,10 @@ enum
     MZ_DEFAULT_COMPRESSION = -1
 };
 
-#define MZ_VERSION "11.0.1"
-#define MZ_VERNUM 0xB001
+#define MZ_VERSION "11.0.2"
+#define MZ_VERNUM 0xB002
 #define MZ_VER_MAJOR 11
-#define MZ_VER_MINOR 1
+#define MZ_VER_MINOR 2
 #define MZ_VER_REVISION 0
 #define MZ_VER_SUBREVISION 0