Skip to content

src: fix Boyer-Moore array bounds safety #59018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
codebytere wants to merge 1 commit into from
Closed

src: fix Boyer-Moore array bounds safety #59018

codebytere wants to merge 1 commit into from

Conversation

@codebytere
Copy link
Member

@codebytere codebytere commented Jul 10, 2025
edited
Loading

Refs https://chromium-review.googlesource.com/c/chromium/src/+/6703757

The above CL enabled array bounds sanitization for Electron and therefore Node.js, which triggered
a crash in parallel/test-buffer-indexof.js. Upon a bit more investigation, some Boyer-Moore related functions
function were using biased pointer arithmetic to create array pointers that point outside the actual array bounds.

When start_ is large this creates pointers far outside the valid memory range. The sanitizer detects that we're creating and dereferencing pointers outside array boundaries, even though the final memory access happens to land in valid memory.

This changes the functions to use bounds-safe array indexing.

@codebytere codebytere requested review from anonrig and jasnell July 10, 2025 09:02
@nodejs-github-bot
Copy link
Collaborator

nodejs-github-bot commented Jul 10, 2025

Review requested:

  • @nodejs/security-wg

@nodejs-github-bot nodejs-github-bot added dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run. labels Jul 10, 2025
@codebytere codebytere force-pushed the fix-boyer-moore-ub branch from 146ee54 to f9a42c7 Compare July 10, 2025 09:03
@codebytere codebytere changed the title fix: Boyer-Moore array bounds safety rcs: Boyer-Moore array bounds safety Jul 10, 2025
@codebytere codebytere changed the title rcs: Boyer-Moore array bounds safety src: Boyer-Moore array bounds safety Jul 10, 2025
@codebytere codebytere force-pushed the fix-boyer-moore-ub branch from f9a42c7 to 44df0f4 Compare July 10, 2025 09:04
@codebytere codebytere changed the title src: Boyer-Moore array bounds safety src: fix Boyer-Moore array bounds safety Jul 10, 2025
@addaleax
Copy link
Member

addaleax commented Jul 10, 2025

This should probably be a PR against https://github.com/nodejs/nbytes, right?

@codebytere
Copy link
Member Author

codebytere commented Jul 10, 2025

Oops you're right - for some reason i thought module extraction hadn't fully completed yet. done at nodejs/nbytes#7

@codebytere codebytere closed this Jul 10, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jasnell jasnell Awaiting requested review from jasnell

@anonrig anonrig Awaiting requested review from anonrig

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@codebytere @nodejs-github-bot @addaleax