The existing text about processes not responding is unclear, at least to
me. Suggestions for clarification welcome, but I think the best thing
might be to state that the process may stop responding and leave it at
that. The explanantion (about asynchronous listeners) is not clear to
me. (Why would the fact that the listeners are asynchronous matter?) If
it's an unnecessary detail (as seems likely), let's remove it.
PR-URL: https://github.com/nodejs/node/pull/36117
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Refs: https://github.com/nodejs/node-addon-api/issues/764
Improve the consistency of how we get a context
when needed. We generally used env->context() in N-API
but there were are few exceptions that this PR addresses.
Signed-off-by: Michael Dawson <mdawson@devrus.com>
PR-URL: https://github.com/nodejs/node/pull/36068
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Gabriel Schulhof <gabriel.schulhof@intel.com>
Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
After conducting several benchmarks, I noticed performance losses of
5-10%. As OS X is not a performance critical platform, as already
mentioned by @bnoordhuis, I have removed the -no_pie flag at least for
this platform. I'd love to enable PIE for other platforms if the 5-10%
speed loss is not too high. I would be happy to hear your opinion on
this.
Refs: https://github.com/nodejs/node/issues/33425
PR-URL: https://github.com/nodejs/node/pull/35704
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
added test for uncovered if statement in lib/fs.js
PR-URL: https://github.com/nodejs/node/pull/35918
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
This is a security release.
Notable changes:
Vulnerabilities fixed:
* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a
host of their choice could trigger a Denial of Service by getting the
application to resolve a DNS record with a larger number of responses.
PR-URL: https://github.com/nodejs-private/node-private/pull/233
This is a security release.
Notable changes:
Vulnerabilities fixed:
* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a
host of their choice could trigger a Denial of Service by getting the
application to resolve a DNS record with a larger number of responses.
PR-URL: https://github.com/nodejs-private/node-private/pull/234
This is a security release.
Notable changes:
Vulnerabilities fixed:
* CVE-2020-8277: Denial of Service through DNS request (High). A Node.js
application that allows an attacker to trigger a DNS request for a
host of their choice could trigger a Denial of service by getting the
application to resolve a DNS record with a larger number of responses.
PR-URL: https://github.com/nodejs-private/node-private/pull/232
Original commit message:
If there are more ttls returned than the maximum provided by the requestor, then
the *naddrttls response would be larger than the actual number of elements in
the addrttls array.
This bug could lead to invalid memory accesses in applications using c-ares.
This behavior appeared to break with PR https://github.com/c-ares/c-ares/pull/257
Fixes: https://github.com/c-ares/c-ares/issues/371
Reported By: Momtchil Momtchev (@mmomtchev)
Fix By: Brad House (@bradh352)
Refs: https://github.com/nodejs/node/issues/36063
Signed-off-by: Michael Dawson <mdawson@devrus.com>
CVE-ID: CVE-2020-8277
PR-URL: https://github.com/nodejs-private/node-private/pull/231
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Fixes warning: format ‘%lu’ expects argument of type ‘long unsigned
int’, but argument 4 has type ‘size_t {aka unsigned int}`
Co-authored-by: Anna Henningsen <github@addaleax.net>
PR-URL: https://github.com/nodejs/node/pull/36060
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Factor out how we handle a `napi_status`-valued return internally.
Signed-off-by: Gabriel Schulhof <gabriel.schulhof@intel.com>
PR-URL: https://github.com/nodejs/node/pull/36113
Reviewed-By: Stephen Belanger <admin@stephenbelanger.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Original commit message:
[mac-arm64] Fix missing #include
For an "#if defined(MAP_JIT)" test to work as expected, <sys/mman.h>
must be included in the compilation unit.
Bug: chromium:1144200
Change-Id: Ia0bf35ec1872c02457f1fbc0ee6689c7f7d27d4a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2517689
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Reviewed-by: Igor Sheludko <ishell@chromium.org>
Reviewed-by: Nico Weber <thakis@chromium.org>
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70986}
PR-URL: https://github.com/nodejs/node/pull/35986
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
[mac] Set MAP_JIT only when necessary
This is a "minimal" change to achieve the required goal: seeing that
there is only one place where we need to indicate that memory should
be reserved with MAP_JIT, we can add a value to the Permissions enum
instead of adding a second, orthogonal parameter.
That way we avoid changing public API functions, which makes this CL
easier to undo once we have platform-independent w^x in Wasm.
Bug: chromium:1117591
Change-Id: I6333d69ab29d5900c689f08dcc892a5f1c1159b8
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2435365
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Reviewed-by: Clemens Backes <clemensb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70379}
PR-URL: https://github.com/nodejs/node/pull/35986
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
[platform] Add Permission::kNoAccessWillJitLater enum value
This value is unused for now. This CL is part 1 of a 3-step dance.
Part 2 will be teaching Chrome's Platform implementation to accept
the new value. Part 3 will then actually use it in V8.
Bug: chromium:1117591
Change-Id: Ie3aed20d4cc58f3def3be2a3a03bba4c3a37bf44
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2450056
Commit-Queue: Jakob Kummerow <jkummerow@chromium.org>
Reviewed-by: Michael Lippautz <mlippautz@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70335}
PR-URL: https://github.com/nodejs/node/pull/35986
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Beth Griggs <bgriggs@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Original commit message:
Fix alloc/dealloc size mismatch for v8::BackingStore
On newer compilers the {operator delete} with explicit {size_t}
argument would be instantiated for {v8::BackingStore} and used
in the destructor of {std::unique_ptr<v8::BackingStore>}. The {size_t}
argument is wrong though, since the pointer actually points
to a {v8::internal::BackingStore} object.
The solution is to explicitly provide a {operator delete}, preventing
an implicitly generated {size_t} operator.
Bug:v8:11081
Change-Id: Iee0aa47a67f0e41000bea628942f7e3d70198b83
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2506712
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Reviewed-by: Camillo Bruni <cbruni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70916}
PR-URL: https://github.com/nodejs/node/pull/35939
Fixes: https://github.com/nodejs/node/issues/35669
Refs: 9a49b2298f
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Gus Caplan <me@gus.host>
Original commit message:
fix: correct calling convention for Windows on Arm
Corrects a "Check failed: kFPParamRegisterCount == kParamRegisterCount"
message when compiling v8_snapshot for Windows on Arm.
Unlike x64, Windows on Arm's calling convention does not alternate
between integer and float registers.
Bug: chromium:1052746
Change-Id: I4c9cdafcd6e43742b94613f85b2983761cc0891a
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2440717
Commit-Queue: Maya Lekova <mslekova@chromium.org>
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Maya Lekova <mslekova@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70257}
Refs: 7b3a27b7ae
PR-URL: https://github.com/nodejs/node/pull/35700
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Shelley Vohr <codebytere@gmail.com>
Original commit message:
[heap-profiler] Fix crash when a snapshot deleted while taking one
Fix a crash/hang that occurred when deleting a snapshot during the
GC that is part of taking another one.
Specifically, when deleting the only other snapshot in such
a situation, the `v8::HeapSnapshot::Delete()` method sees that there
is only one (complete) snapshot at that point, and decides that it is
okay to perform “delete all snapshots” instead of just deleting
the requested one. That resets the internal string lookup table
of the heap profiler, but the new snapshot that is currently in
progress still holds references to the old string lookup table,
leading to a use-after-free segfault or infinite loop.
Fix this by guarding against resetting the string table while
another heap snapshot is being taken, and add a test that would
crash before this fix.
This can be triggered in Node.js by repeatedly calling
`v8.getHeapSnapshot()`, which provides heap snapshots as weakly
held host objects.
Change-Id: If9ac3728bf79114000982f1e7bb05e8034299e3c
Reviewed-on: https://chromium-review.googlesource.com/c/v8/v8/+/2464823
Reviewed-by: Ulan Degenbaev <ulan@chromium.org>
Commit-Queue: Ulan Degenbaev <ulan@chromium.org>
Cr-Commit-Position: refs/heads/master@{#70445}
Refs: 3176bfd447
PR-URL: https://github.com/nodejs/node/pull/35612
Refs: https://github.com/nodejs/node/issues/35559
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Gerhard Stöbich <deb2001-github@yahoo.de>
Patch V8 (wasm/wasm-module.cc) to remove const qualifier from type
passed to template call of `OwnedVector::Of`. Xcode 8 can't convert
'OwnedVector<unsigned char>' to 'OwnedVector<const unsigned char>' when
returning from a function (which is likely a bug on Xcode, considering
this worked on the prior version of Xcode as well as newer versions).
This workaround shouldn't affect the application, since the const
qualifier is preserved in the AsmJsOffsetInformation::encoded_offset_.
There's also a V8 test passing a const-qualified type to ::Of, but since
we don't test V8 on Xcode 8, it should be fine to leave it as is.
Signed-off-by: Matheus Marchini <mmarchini@netflix.com>
PR-URL: https://github.com/nodejs/node/pull/32116
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
There is a bug in the most recent version of VS2015 that affects v8.h
and therefore prevents compilation of addons.
Refs: https://stackoverflow.com/q/38378693
PR-URL: https://github.com/nodejs/node/pull/32116
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
This should be semver-patch since actual invocation is version
conditional.
PR-URL: https://github.com/nodejs/node/pull/32116
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Patch V8 (compiler/js-heap-broker.cc) to remove the use of an optional
property, which is a fairly new C++ feature, since that requires a newer
XCode version than the minimum requirement in BUILDING.md and thus
breaks CI.
PR-URL: https://github.com/nodejs/node/pull/32116
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Original commit message:
[testrunner] delete ancient junit compatible format support
Testrunner has ancient support for JUnit compatible XML output.
This CL removes this old feature.
R=mstarzinger@chromium.org,jgruber@chromium.org,jkummerow@chromium.org
CC=machenbach@chromium.org
Bug: v8:8728
Change-Id: I7e1beb011dbaec3aa1a27398a5c52abdd778eaf0
Reviewed-on: https://chromium-review.googlesource.com/c/1430065
Reviewed-by: Jakob Gruber <jgruber@chromium.org>
Reviewed-by: Michael Starzinger <mstarzinger@chromium.org>
Commit-Queue: Tamer Tas <tmrts@chromium.org>
Cr-Commit-Position: refs/heads/master@{#59045}
Refs: bd019bdb72
PR-URL: https://github.com/nodejs/node/pull/32116
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Jiawen Geng <technicalcute@gmail.com>
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Inadvertent double hash in link makes it invalid and no longer pointing
to the documentation section it intends to point to.
PR-URL: https://github.com/nodejs/node/pull/36109
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Yongsheng Zhang <zyszys98@gmail.com>
Reviewed-By: Daijiro Wachi <daijiro.wachi@gmail.com>
In email, Shigeki Ohtsu indicated that a move to emeritus would be
appropriate at this time. I'm especially grateful for the crypto and
security work over the years, and I'm sure I'm not the only one.
PR-URL: https://github.com/nodejs/node/pull/36093
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Render all properties of nodeTiming enumerable
so JSON.stringify and Object.keys can access them
Fixes: https://github.com/nodejs/node/issues/35936
PR-URL: https://github.com/nodejs/node/pull/35977
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
If the option cwd does not exist, the error ENOENT is the same as
the error emitted when the command does not exist, it's confusing.
PR-URL: https://github.com/nodejs/node/pull/34505
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Gireesh Punathil <gpunathi@in.ibm.com>
PR-URL: https://github.com/nodejs/node/pull/33099
Reviewed-By: Anna Henningsen <anna@addaleax.net>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Juan José Arboleda <soyjuanarbol@gmail.com>
Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
