node-addon-api 1.7.1 → 1.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/CHANGELOG.md +12 -0
  2. package/README.md +1 -1
  3. package/package.json +2 -1
  4. package/src/node_api.cc +9 -3
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # node-addon-api Changelog
2
2
 
3
+ ## 2020-06-02 Version 1.7.2, @NickNaso
4
+
5
+ ### Notable changes:
6
+
7
+ #### API
8
+
9
+ - Fix memory corruption vulnerability
10
+
11
+ ### Commmits
12
+
13
+ * [[`801bd068f4`](https://github.com/nodejs/node-addon-api/commit/801bd068f4)] - **napi**: fix memory corruption vulnerability (Tobias Nießen )
14
+
3
15
  ## 2019-07-23 Version 1.7.1, @NickNaso
4
16
 
5
17
  ### Notable changes:
package/README.md CHANGED
@@ -46,7 +46,7 @@ to ideas specified in the **ECMA262 Language Specification**.
46
46
  - **[Contributors](#contributors)**
47
47
  - **[License](#license)**
48
48
 
49
- ## **Current version: 1.7.1**
49
+ ## **Current version: 1.7.2**
50
50
 
51
51
  (See [CHANGELOG.md](CHANGELOG.md) for complete Changelog)
52
52
 
package/package.json CHANGED
@@ -45,6 +45,7 @@
45
45
  "Sam Roberts (https://github.com/sam-github)",
46
46
  "Taylor Woll (https://github.com/boingoing)",
47
47
  "Thomas Gentilhomme (https://github.com/fraxken)",
48
+ "Tobias Nießen (https://github.com/tniessen)",
48
49
  "Tux3 (https://github.com/tux3)",
49
50
  "Yohei Kishimoto (https://github.com/morokosi)"
50
51
  ],
@@ -74,5 +75,5 @@
74
75
  "dev:incremental": "node test",
75
76
  "doc": "doxygen doc/Doxyfile"
76
77
  },
77
- "version": "1.7.1"
78
+ "version": "1.7.2"
78
79
  }
package/src/node_api.cc CHANGED
@@ -2238,7 +2238,7 @@ napi_status napi_get_value_string_latin1(napi_env env,
2238
2238
  if (!buf) {
2239
2239
  CHECK_ARG(env, result);
2240
2240
  *result = val.As<v8::String>()->Length();
2241
- } else {
2241
+ } else if (bufsize != 0) {
2242
2242
  int copied = val.As<v8::String>()->WriteOneByte(
2243
2243
  reinterpret_cast<uint8_t*>(buf), 0, bufsize - 1,
2244
2244
  v8::String::NO_NULL_TERMINATION);
@@ -2247,6 +2247,8 @@ napi_status napi_get_value_string_latin1(napi_env env,
2247
2247
  if (result != nullptr) {
2248
2248
  *result = copied;
2249
2249
  }
2250
+ } else if (result != nullptr) {
2251
+ *result = 0;
2250
2252
  }
2251
2253
 
2252
2254
  return napi_clear_last_error(env);
@@ -2274,7 +2276,7 @@ napi_status napi_get_value_string_utf8(napi_env env,
2274
2276
  if (!buf) {
2275
2277
  CHECK_ARG(env, result);
2276
2278
  *result = val.As<v8::String>()->Utf8Length();
2277
- } else {
2279
+ } else if (bufsize != 0) {
2278
2280
  int copied = val.As<v8::String>()->WriteUtf8(
2279
2281
  buf, bufsize - 1, nullptr, v8::String::REPLACE_INVALID_UTF8 |
2280
2282
  v8::String::NO_NULL_TERMINATION);
@@ -2283,6 +2285,8 @@ napi_status napi_get_value_string_utf8(napi_env env,
2283
2285
  if (result != nullptr) {
2284
2286
  *result = copied;
2285
2287
  }
2288
+ } else if (result != nullptr) {
2289
+ *result = 0;
2286
2290
  }
2287
2291
 
2288
2292
  return napi_clear_last_error(env);
@@ -2311,7 +2315,7 @@ napi_status napi_get_value_string_utf16(napi_env env,
2311
2315
  CHECK_ARG(env, result);
2312
2316
  // V8 assumes UTF-16 length is the same as the number of characters.
2313
2317
  *result = val.As<v8::String>()->Length();
2314
- } else {
2318
+ } else if (bufsize != 0) {
2315
2319
  int copied = val.As<v8::String>()->Write(
2316
2320
  reinterpret_cast<uint16_t*>(buf), 0, bufsize - 1,
2317
2321
  v8::String::NO_NULL_TERMINATION);
@@ -2320,6 +2324,8 @@ napi_status napi_get_value_string_utf16(napi_env env,
2320
2324
  if (result != nullptr) {
2321
2325
  *result = copied;
2322
2326
  }
2327
+ } else if (result != nullptr) {
2328
+ *result = 0;
2323
2329
  }
2324
2330
 
2325
2331
  return napi_clear_last_error(env);