
Internal domain function can be used to cause segfaults #14519

Closed
@tniessen

Description

  • Version: master
  • Platform: all
  • Subsystem: process / domain

The following snippet will cause a segmentation fault on master:

// This is an evil array
const array = [0];
Object.defineProperty(array, '0', {
  get() {
    throw new Error();
  }
});

// Trick the environment into thinking it is inside a domain
process._setupDomainUse(array, [])[0] = 1;

// This call will try to use the pretended domain and segfault
require('crypto').randomBytes(1024, () => { });

// The process will segfault above so this never gets printed
console.log('Still working');

This is caused by using env->domain_array->Get(0) instead of the safe variant of the Get function. This is not limited to randomBytes; there are a number of files with similar code.

The priority of this issue is very low as it uses undocumented internal functions to intentionally cause a segmentation fault. I am documenting this for the sake of completeness.
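The unchecked Get(0) pattern described in the report, as an added example that is not Node.js or V8 code: a small C++ model of V8's MaybeLocal<T> contract. The names MaybeLocal, Get, ToLocal and ToLocalChecked follow the shape of V8's API but are reimplemented here in a few lines; Isolate, Value, JsArray, build_evil_array, build_plain_array, read_domain_checked and read_domain_unchecked are invented for the illustration. The evil array's index-0 getter "throws" by recording a pending exception and yielding an empty handle; the checked reader returns early and leaves the exception for the caller, while the unchecked reader would hit the fatal empty-handle dereference that the report's snippet triggers.

```cpp
// Added illustration: a simplified model of V8's MaybeLocal<T> contract.
// Not Node.js or V8 code; names mirror V8's API shape only for recognisability.
#include <cstdio>
#include <cstdlib>
#include <functional>
#include <string>
#include <vector>

// Stand-in for a JS value. `is_object` mirrors v8::Value::IsObject().
struct Value {
  std::string repr;
  bool is_object;
};

// Stand-in for the isolate's pending-exception slot that a throwing getter fills.
struct Isolate {
  bool has_pending_exception = false;
  std::string pending_message;
};

// Stand-in for v8::MaybeLocal<T>: a handle that may be empty. V8 hands back an
// empty handle from Object::Get(context, index) when the property read threw;
// using it without a check is what crashes the process.
template <typename T>
class MaybeLocal {
 public:
  MaybeLocal() : ptr_(nullptr) {}
  explicit MaybeLocal(T* p) : ptr_(p) {}
  bool IsEmpty() const { return ptr_ == nullptr; }
  // Safe variant: reports failure instead of handing back a null handle.
  bool ToLocal(T** out) const {
    if (ptr_ == nullptr) return false;
    *out = ptr_;
    return true;
  }
  // Unsafe variant: fatal on an empty handle in real V8, modelled with abort().
  T* ToLocalChecked() const {
    if (ptr_ == nullptr) {
      std::fprintf(stderr, "ToLocalChecked() on an empty handle\n");
      std::abort();
    }
    return ptr_;
  }
 private:
  T* ptr_;
};

// Stand-in for a JS array whose index may be a data property or an accessor.
// A getter returns false to model `throw`.
struct JsArray {
  using Getter = std::function<bool(Isolate&, Value&)>;
  std::vector<Value> data;
  std::vector<Getter> getters;  // getters[i] set => index i is an accessor
  Value scratch{"", false};     // storage for a value produced by a getter

  MaybeLocal<Value> Get(Isolate& iso, size_t index) {
    if (index >= data.size()) return MaybeLocal<Value>();
    if (index < getters.size() && getters[index]) {
      // Accessor: if the getter throws, record it and return an empty handle.
      if (!getters[index](iso, scratch)) return MaybeLocal<Value>();
      return MaybeLocal<Value>(&scratch);
    }
    return MaybeLocal<Value>(&data[index]);
  }
};

// The evil array from the report: index 0 is a getter that throws.
JsArray build_evil_array() {
  JsArray arr;
  arr.data.push_back(Value{"0", false});
  arr.getters.push_back([](Isolate& iso, Value&) {
    iso.has_pending_exception = true;
    iso.pending_message = "Error";  // models `throw new Error()`
    return false;
  });
  return arr;
}

// A plain array holding an object at index 0, as a genuine domain array would.
JsArray build_plain_array() {
  JsArray arr;
  arr.data.push_back(Value{"[object Domain]", true});
  return arr;
}

// The safe pattern: check the read before using its result. Returns false when
// the element could not be read (exception left pending) or is not an object.
bool read_domain_checked(Isolate& iso, JsArray& arr, std::string* out) {
  Value* domain = nullptr;
  if (!arr.Get(iso, 0).ToLocal(&domain)) return false;
  if (!domain->is_object) return false;
  *out = domain->repr;
  return true;
}

// The pattern the report describes: no check, so the evil array reaches
// ToLocalChecked() with an empty handle and the process dies.
std::string read_domain_unchecked(Isolate& iso, JsArray& arr) {
  return arr.Get(iso, 0).ToLocalChecked()->repr;
}

int main() {
  Isolate iso;
  JsArray evil = build_evil_array();
  JsArray plain = build_plain_array();
  std::string out;
  std::printf("plain: %s\n", read_domain_checked(iso, plain, &out) ? out.c_str() : "<none>");
  std::printf("evil:  %s\n", read_domain_checked(iso, evil, &out) ? out.c_str() : "<none>");
  std::printf("pending exception: %s\n", iso.has_pending_exception ? "yes" : "no");
  // read_domain_unchecked(iso, evil) would abort here, like the segfault in the report.
  return 0;
}
```

The point of the model is the return type: a read from any JS-visible object can fail, so native code must branch on the empty-handle case and bail out (leaving the pending exception for the JS side) rather than treat the result as a valid Local.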

Labels

  • domain: Issues and PRs related to the domain subsystem.
  • process: Issues and PRs related to the process subsystem.