fix: potential null dereference in normalizeSpawnArguments() patch (#42260)

fix: potential null deref in normalizeSpawnArguments() patch

Use upstream's practice of using `env = options.env || process.env`.
Previously, we were unconditionally assigning CRASHDUMP_SIGNAL_FD
and CRASHPAD_HANDLER_PID to options.env.
This commit is contained in:
Charles Kerr 2024-05-27 03:41:42 -05:00 committed by GitHub
parent 6423968dc5
commit bb4374ee2c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -8,7 +8,7 @@ to child processes spawned with `ELECTRON_RUN_AS_NODE` which is used
by the crashpad client to connect with the handler process. by the crashpad client to connect with the handler process.
diff --git a/lib/child_process.js b/lib/child_process.js diff --git a/lib/child_process.js b/lib/child_process.js
index c09fca512584ce2c674ae1d05136ff4cd8ea8471..3947e231f4e641b97d12c9639a736fab8836787b 100644 index c09fca512584ce2c674ae1d05136ff4cd8ea8471..d4edaa71a7bf6660bad209fbfbc43014bb4bf741 100644
--- a/lib/child_process.js --- a/lib/child_process.js
+++ b/lib/child_process.js +++ b/lib/child_process.js
@@ -61,6 +61,7 @@ let debug = require('internal/util/debuglog').debuglog( @@ -61,6 +61,7 @@ let debug = require('internal/util/debuglog').debuglog(
@ -27,25 +27,34 @@ index c09fca512584ce2c674ae1d05136ff4cd8ea8471..3947e231f4e641b97d12c9639a736fab
args = [...execArgv, modulePath, ...args]; args = [...execArgv, modulePath, ...args];
if (typeof options.stdio === 'string') { if (typeof options.stdio === 'string') {
@@ -617,6 +617,21 @@ function normalizeSpawnArguments(file, args, options) { @@ -617,6 +617,22 @@ function normalizeSpawnArguments(file, args, options) {
'options.windowsVerbatimArguments'); 'options.windowsVerbatimArguments');
} }
+ if (process.platform === 'linux') { + const env = options.env || process.env;
+ if (ObjectPrototypeHasOwnProperty(options.env || process.env, 'ELECTRON_RUN_AS_NODE') && +
+ (file === process.execPath)) { + if ((process.platform === 'linux') &&
+ // On Linux, pass the file descriptor which crashpad handler process + ObjectPrototypeHasOwnProperty(env, 'ELECTRON_RUN_AS_NODE') &&
+ // uses to monitor the child process and PID of the handler process. + (file === process.execPath)) {
+ // https://source.chromium.org/chromium/chromium/src/+/110.0.5415.0:components/crash/core/app/crashpad_linux.cc;l=199-206 + // On Linux, pass the file descriptor which crashpad handler process
+ const fd = getCrashdumpSignalFD(); + // uses to monitor the child process and PID of the handler process.
+ const pid = getCrashpadHandlerPID(); + // https://source.chromium.org/chromium/chromium/src/+/110.0.5415.0:components/crash/core/app/crashpad_linux.cc;l=199-206
+ if (fd !== -1 && pid !== -1) { + const fd = getCrashdumpSignalFD();
+ options.env.CRASHDUMP_SIGNAL_FD = fd; + const pid = getCrashpadHandlerPID();
+ options.env.CRASHPAD_HANDLER_PID = pid; + if (fd !== -1 && pid !== -1) {
+ } + env.CRASHDUMP_SIGNAL_FD = fd;
+ env.CRASHPAD_HANDLER_PID = pid;
+ } + }
+ } + }
+ +
if (options.shell) { if (options.shell) {
validateArgumentNullCheck(options.shell, 'options.shell'); validateArgumentNullCheck(options.shell, 'options.shell');
const command = ArrayPrototypeJoin([file, ...args], ' '); const command = ArrayPrototypeJoin([file, ...args], ' ');
@@ -650,7 +666,6 @@ function normalizeSpawnArguments(file, args, options) {
ArrayPrototypeUnshift(args, file);
}
- const env = options.env || process.env;
const envPairs = [];
// process.env.NODE_V8_COVERAGE always propagates, making it possible to