nodejs
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

util: fix inspection of errors with tampered name or stack property 

This makes sure that `util.inspect()` does not throw while inspecting
errors that have the name or stack property set to a different type
than string.

Fixes: https://github.com/nodejs/node/issues/30572

PR-URL: https://github.com/nodejs/node/pull/30576
Reviewed-By: David Carlier <devnexen@gmail.com>
Reviewed-By: Anto Aravinth <anto.aravinth.cse@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Anna Henningsen <anna@addaleax.net>
This commit is contained in:
Ruben Bridgewater 2019-11-21 14:18:41 +01:00 committed by Anna Henningsen
parent 3e6e0006d8
commit 255461e19a
No known key found for this signature in database
GPG Key ID: 9C63F3A6CD2AD8F9
2 changed files with 32 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/internal/util/inspect.js
View File

@ -937,12 +937,12 @@ function getFunctionBase(value, constructor, tag) {
}
function formatError(err, constructor, tag, ctx) {
let stack = err.stack || ErrorPrototypeToString(err);
const name = err.name != null ? String(err.name) : 'Error';
let len = name.length;
let stack = err.stack ? String(err.stack) : ErrorPrototypeToString(err);
// A stack trace may contain arbitrary data. Only manipulate the output
// for "regular errors" (errors that "look normal") for now.
const name = err.name || 'Error';
let len = name.length;
if (constructor === null ||
(name.endsWith('Error') &&
stack.startsWith(name) &&

29
test/parallel/test-util-inspect.js
View File

@ -691,6 +691,35 @@ assert.strictEqual(util.inspect(-5e-324), '-5e-324');
);
}
// Tampered error stack or name property (different type than string).
// Note: Symbols are not supported by `Error#toString()` which is called by
// accessing the `stack` property.
[
[404, '404: foo', '[404]'],
[0, '0: foo', '[RangeError: foo]'],
[0n, '0: foo', '[RangeError: foo]'],
[null, 'null: foo', '[RangeError: foo]'],
[undefined, 'RangeError: foo', '[RangeError: foo]'],
[false, 'false: foo', '[RangeError: foo]'],
['', 'foo', '[RangeError: foo]'],
[[1, 2, 3], '1,2,3: foo', '[1,2,3]'],
].forEach(([value, outputStart, stack]) => {
let err = new RangeError('foo');
err.name = value;
assert(
util.inspect(err).startsWith(outputStart),
util.format(
'The name set to %o did not result in the expected output "%s"',
value,
outputStart
)
);
err = new RangeError('foo');
err.stack = value;
assert.strictEqual(util.inspect(err), stack);
});
// https://github.com/nodejs/node-v0.x-archive/issues/1941
assert.strictEqual(util.inspect(Object.create(Date.prototype)), 'Date {}');