From 7d7853369c4236082bb59333392b638007a54276 Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Thu, 18 May 2017 12:49:08 +0300
Subject: [PATCH 1/6] zlib: fix node crashing on invalid options

The main reason behind this commit is fixing the Node process crashing
when zlib rejects the given options.

Besides that issue, which got reported and which is linked to this
commit, it turned out that Node also used to crash when a non-numeric
value was passed as the `windowBits` or the `memLevel` option. This was
fixed somewhat inadvertently; initially it was just a stylistic change
to avoid lines spanning longer than 80 characters that was written in a
manner consistent with surrounding code.

Fixes: https://github.com/nodejs/node/issues/13082
---
 lib/zlib.js                            | 37 ++++++++++++++++++++------
 src/node_zlib.cc                       | 14 +++++++---
 test/parallel/test-zlib-failed-init.js | 15 +++++++++++
 3 files changed, 55 insertions(+), 11 deletions(-)
 create mode 100644 test/parallel/test-zlib-failed-init.js

diff --git a/lib/zlib.js b/lib/zlib.js
index 00be56dffc44fb..8804034017eb12 100644
--- a/lib/zlib.js
+++ b/lib/zlib.js
@@ -146,7 +146,14 @@ function zlibOnError(message, errno) {
   var error = new Error(message);
   error.errno = errno;
   error.code = codes[errno];
-  this.emit('error', error);
+
+  if (this._initSuccess) {
+    this.emit('error', error);
+  } else {
+    process.nextTick(() => {
+      this.emit('error', error);
+    });
+  }
 }
 
 function flushCallback(level, strategy, callback) {
@@ -222,6 +229,7 @@ class Zlib extends Transform {
     this._handle = new binding.Zlib(mode);
     this._handle.onerror = zlibOnError.bind(this);
     this._hadError = false;
+    this._initSuccess = false;
 
     var level = constants.Z_DEFAULT_COMPRESSION;
     if (typeof opts.level === 'number') level = opts.level;
@@ -229,13 +237,24 @@ class Zlib extends Transform {
     var strategy = constants.Z_DEFAULT_STRATEGY;
     if (typeof opts.strategy === 'number') strategy = opts.strategy;
 
-    this._handle.init(opts.windowBits || constants.Z_DEFAULT_WINDOWBITS,
-                      level,
-                      opts.memLevel || constants.Z_DEFAULT_MEMLEVEL,
-                      strategy,
-                      opts.dictionary);
+    var windowBits = constants.Z_DEFAULT_WINDOWBITS;
+    if (typeof opts.windowBits === 'number') windowBits = opts.windowBits;
+
+    var memLevel = constants.Z_DEFAULT_MEMLEVEL;
+    if (typeof opts.memLevel === 'number') memLevel = opts.memLevel;
+
+    this._initSuccess = this._handle.init(windowBits,
+                                          level,
+                                          memLevel,
+                                          strategy,
+                                          opts.dictionary);
+
+    if (this._initSuccess) {
+      this._buffer = Buffer.allocUnsafe(this._chunkSize);
+    } else {
+      this._buffer = null;
+    }
 
-    this._buffer = Buffer.allocUnsafe(this._chunkSize);
     this._offset = 0;
     this._level = level;
     this._strategy = strategy;
@@ -467,7 +486,9 @@ function _close(engine, callback) {
   if (!engine._handle)
     return;
 
-  engine._handle.close();
+  if (engine._initSuccess)
+    engine._handle.close();
+
   engine._handle = null;
 }
 
diff --git a/src/node_zlib.cc b/src/node_zlib.cc
index e4adda52026c87..d4e21aea17b436 100644
--- a/src/node_zlib.cc
+++ b/src/node_zlib.cc
@@ -40,6 +40,7 @@
 namespace node {
 
 using v8::Array;
+using v8::Boolean;
 using v8::Context;
 using v8::FunctionCallbackInfo;
 using v8::FunctionTemplate;
@@ -480,9 +481,11 @@ class ZCtx : public AsyncWrap {
       memcpy(dictionary, Buffer::Data(dictionary_), dictionary_len);
     }
 
-    Init(ctx, level, windowBits, memLevel, strategy,
-         dictionary, dictionary_len);
+    bool result = Init(ctx, level, windowBits, memLevel, strategy,
+                       dictionary, dictionary_len);
     SetDictionary(ctx);
+
+    args.GetReturnValue().Set(Boolean::New(args.GetIsolate(), result));
   }
 
   static void Params(const FunctionCallbackInfo<Value>& args) {
@@ -499,7 +502,7 @@ class ZCtx : public AsyncWrap {
     SetDictionary(ctx);
   }
 
-  static void Init(ZCtx *ctx, int level, int windowBits, int memLevel,
+  static bool Init(ZCtx *ctx, int level, int windowBits, int memLevel,
                    int strategy, char* dictionary, size_t dictionary_len) {
     ctx->level_ = level;
     ctx->windowBits_ = windowBits;
@@ -553,6 +556,9 @@ class ZCtx : public AsyncWrap {
 
     if (ctx->err_ != Z_OK) {
       ZCtx::Error(ctx, "Init error");
+      if (dictionary != nullptr)
+        delete[] dictionary;
+      return false;
     }
 
 
@@ -561,6 +567,8 @@ class ZCtx : public AsyncWrap {
 
     ctx->write_in_progress_ = false;
     ctx->init_done_ = true;
+
+    return true;
   }
 
   static void SetDictionary(ZCtx* ctx) {
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js
new file mode 100644
index 00000000000000..b250ebffcf7bd4
--- /dev/null
+++ b/test/parallel/test-zlib-failed-init.js
@@ -0,0 +1,15 @@
+'use strict';
+
+const common = require('../common');
+
+const assert = require('assert');
+const zlib = require('zlib');
+
+// For raw deflate or gzip encoding, a request for a 256-byte window is
+// rejected as invalid, since only zlib headers provide means of transmitting
+// the window size to the decompressor.
+// (http://zlib.net/manual.html#Advanced)
+const deflate = zlib.createDeflateRaw({ windowBits: 8 });
+deflate.on('error', common.mustCall((error) => {
+  assert.ok(/Init error/.test(error));
+}));

From c5440af50c479b415aefeae798dfa0f5f570aa7a Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Thu, 18 May 2017 16:00:36 +0300
Subject: [PATCH 2/6] squash! follow an alternative approach

Throw an Error synchronously instead of fiddling with 'error' events.
---
 doc/api/zlib.md                        |  4 ++++
 lib/zlib.js                            | 31 +++++++-------------------
 src/node_zlib.cc                       | 25 +++++++++------------
 test/parallel/test-zlib-failed-init.js | 14 +++++-------
 4 files changed, 28 insertions(+), 46 deletions(-)

diff --git a/doc/api/zlib.md b/doc/api/zlib.md
index abfb6e2038b6d3..ee112ba61c6509 100644
--- a/doc/api/zlib.md
+++ b/doc/api/zlib.md
@@ -437,6 +437,10 @@ added: v0.5.8
 
 Returns a new [DeflateRaw][] object with an [options][].
 
+**Note:** zlib library rejects requests for 256-byte windows (i.e.,
+`{ windowBits: 8 }` in `options`). An `Error` will be thrown when creating
+a [DeflateRaw][] object with this specific value of the `windowBits` option.
+
 ## zlib.createGunzip([options])
 <!-- YAML
 added: v0.5.8
diff --git a/lib/zlib.js b/lib/zlib.js
index 8804034017eb12..1b20e160052097 100644
--- a/lib/zlib.js
+++ b/lib/zlib.js
@@ -146,14 +146,7 @@ function zlibOnError(message, errno) {
   var error = new Error(message);
   error.errno = errno;
   error.code = codes[errno];
-
-  if (this._initSuccess) {
-    this.emit('error', error);
-  } else {
-    process.nextTick(() => {
-      this.emit('error', error);
-    });
-  }
+  this.emit('error', error);
 }
 
 function flushCallback(level, strategy, callback) {
@@ -229,7 +222,6 @@ class Zlib extends Transform {
     this._handle = new binding.Zlib(mode);
     this._handle.onerror = zlibOnError.bind(this);
     this._hadError = false;
-    this._initSuccess = false;
 
     var level = constants.Z_DEFAULT_COMPRESSION;
     if (typeof opts.level === 'number') level = opts.level;
@@ -243,18 +235,13 @@ class Zlib extends Transform {
     var memLevel = constants.Z_DEFAULT_MEMLEVEL;
     if (typeof opts.memLevel === 'number') memLevel = opts.memLevel;
 
-    this._initSuccess = this._handle.init(windowBits,
-                                          level,
-                                          memLevel,
-                                          strategy,
-                                          opts.dictionary);
-
-    if (this._initSuccess) {
-      this._buffer = Buffer.allocUnsafe(this._chunkSize);
-    } else {
-      this._buffer = null;
-    }
+    this._handle.init(windowBits,
+                      level,
+                      memLevel,
+                      strategy,
+                      opts.dictionary);
 
+    this._buffer = Buffer.allocUnsafe(this._chunkSize);
     this._offset = 0;
     this._level = level;
     this._strategy = strategy;
@@ -486,9 +473,7 @@ function _close(engine, callback) {
   if (!engine._handle)
     return;
 
-  if (engine._initSuccess)
-    engine._handle.close();
-
+  engine._handle.close();
   engine._handle = null;
 }
 
diff --git a/src/node_zlib.cc b/src/node_zlib.cc
index d4e21aea17b436..4495eb2bcad255 100644
--- a/src/node_zlib.cc
+++ b/src/node_zlib.cc
@@ -40,7 +40,6 @@
 namespace node {
 
 using v8::Array;
-using v8::Boolean;
 using v8::Context;
 using v8::FunctionCallbackInfo;
 using v8::FunctionTemplate;
@@ -481,11 +480,9 @@ class ZCtx : public AsyncWrap {
       memcpy(dictionary, Buffer::Data(dictionary_), dictionary_len);
     }
 
-    bool result = Init(ctx, level, windowBits, memLevel, strategy,
-                       dictionary, dictionary_len);
+    Init(ctx, level, windowBits, memLevel, strategy,
+         dictionary, dictionary_len);
     SetDictionary(ctx);
-
-    args.GetReturnValue().Set(Boolean::New(args.GetIsolate(), result));
   }
 
   static void Params(const FunctionCallbackInfo<Value>& args) {
@@ -502,7 +499,7 @@ class ZCtx : public AsyncWrap {
     SetDictionary(ctx);
   }
 
-  static bool Init(ZCtx *ctx, int level, int windowBits, int memLevel,
+  static void Init(ZCtx *ctx, int level, int windowBits, int memLevel,
                    int strategy, char* dictionary, size_t dictionary_len) {
     ctx->level_ = level;
     ctx->windowBits_ = windowBits;
@@ -554,21 +551,19 @@ class ZCtx : public AsyncWrap {
         CHECK(0 && "wtf?");
     }
 
-    if (ctx->err_ != Z_OK) {
-      ZCtx::Error(ctx, "Init error");
-      if (dictionary != nullptr)
-        delete[] dictionary;
-      return false;
-    }
-
-
     ctx->dictionary_ = reinterpret_cast<Bytef *>(dictionary);
     ctx->dictionary_len_ = dictionary_len;
 
     ctx->write_in_progress_ = false;
     ctx->init_done_ = true;
 
-    return true;
+    if (ctx->err_ != Z_OK) {
+      if (dictionary != nullptr) {
+        delete[] dictionary;
+        ctx->dictionary_ = nullptr;
+      }
+      ctx->env()->ThrowError("Init error");
+    }
   }
 
   static void SetDictionary(ZCtx* ctx) {
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js
index b250ebffcf7bd4..8adb739b78abbe 100644
--- a/test/parallel/test-zlib-failed-init.js
+++ b/test/parallel/test-zlib-failed-init.js
@@ -1,15 +1,13 @@
 'use strict';
 
-const common = require('../common');
+require('../common');
 
 const assert = require('assert');
 const zlib = require('zlib');
 
-// For raw deflate or gzip encoding, a request for a 256-byte window is
-// rejected as invalid, since only zlib headers provide means of transmitting
-// the window size to the decompressor.
+// For raw deflate encoding, requests for 256-byte windows are rejected as
+// invalid by zlib.
 // (http://zlib.net/manual.html#Advanced)
-const deflate = zlib.createDeflateRaw({ windowBits: 8 });
-deflate.on('error', common.mustCall((error) => {
-  assert.ok(/Init error/.test(error));
-}));
+assert.throws(() => {
+  zlib.createDeflateRaw({ windowBits: 8 });
+}, /Init error/);

From c5f18b1c48da6227d0854dc59d9881c9ac8c19f0 Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Thu, 18 May 2017 17:20:49 +0300
Subject: [PATCH 3/6] squash! address the feedback

---
 doc/api/zlib.md                        | 2 +-
 test/parallel/test-zlib-failed-init.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/doc/api/zlib.md b/doc/api/zlib.md
index ee112ba61c6509..be3c79a57d2357 100644
--- a/doc/api/zlib.md
+++ b/doc/api/zlib.md
@@ -437,7 +437,7 @@ added: v0.5.8
 
 Returns a new [DeflateRaw][] object with an [options][].
 
-**Note:** zlib library rejects requests for 256-byte windows (i.e.,
+**Note:** the zlib library rejects requests for 256-byte windows (i.e.,
 `{ windowBits: 8 }` in `options`). An `Error` will be thrown when creating
 a [DeflateRaw][] object with this specific value of the `windowBits` option.
 
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js
index 8adb739b78abbe..afc2c82ddfca8e 100644
--- a/test/parallel/test-zlib-failed-init.js
+++ b/test/parallel/test-zlib-failed-init.js
@@ -10,4 +10,4 @@ const zlib = require('zlib');
 // (http://zlib.net/manual.html#Advanced)
 assert.throws(() => {
   zlib.createDeflateRaw({ windowBits: 8 });
-}, /Init error/);
+}, /^Error: Init error$/);

From e5c39bd9079ec7533a1eeaef2bd36b347777588a Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Fri, 19 May 2017 21:31:36 +0300
Subject: [PATCH 4/6] zlib: fix bugs in the validation logic

---
 lib/zlib.js                            | 32 ++++++++++++++++++--------
 test/parallel/test-zlib-failed-init.js | 24 +++++++++++++++++++
 2 files changed, 46 insertions(+), 10 deletions(-)

diff --git a/lib/zlib.js b/lib/zlib.js
index 1b20e160052097..263cbad1e3832f 100644
--- a/lib/zlib.js
+++ b/lib/zlib.js
@@ -182,37 +182,37 @@ class Zlib extends Transform {
     this._finishFlushFlag = opts.finishFlush !== undefined ?
       opts.finishFlush : constants.Z_FINISH;
 
-    if (opts.chunkSize) {
+    if (opts.chunkSize !== undefined) {
       if (opts.chunkSize < constants.Z_MIN_CHUNK) {
         throw new RangeError('Invalid chunk size: ' + opts.chunkSize);
       }
     }
 
-    if (opts.windowBits) {
+    if (opts.windowBits !== undefined) {
       if (opts.windowBits < constants.Z_MIN_WINDOWBITS ||
           opts.windowBits > constants.Z_MAX_WINDOWBITS) {
         throw new RangeError('Invalid windowBits: ' + opts.windowBits);
       }
     }
 
-    if (opts.level) {
+    if (opts.level !== undefined) {
       if (opts.level < constants.Z_MIN_LEVEL ||
           opts.level > constants.Z_MAX_LEVEL) {
         throw new RangeError('Invalid compression level: ' + opts.level);
       }
     }
 
-    if (opts.memLevel) {
+    if (opts.memLevel !== undefined) {
       if (opts.memLevel < constants.Z_MIN_MEMLEVEL ||
           opts.memLevel > constants.Z_MAX_MEMLEVEL) {
         throw new RangeError('Invalid memLevel: ' + opts.memLevel);
       }
     }
 
-    if (opts.strategy && isInvalidStrategy(opts.strategy))
+    if (opts.strategy !== undefined && isInvalidStrategy(opts.strategy))
       throw new TypeError('Invalid strategy: ' + opts.strategy);
 
-    if (opts.dictionary) {
+    if (opts.dictionary !== undefined) {
       if (!ArrayBuffer.isView(opts.dictionary)) {
         throw new TypeError(
           'Invalid dictionary: it should be a Buffer, TypedArray, or DataView');
@@ -224,16 +224,28 @@ class Zlib extends Transform {
     this._hadError = false;
 
     var level = constants.Z_DEFAULT_COMPRESSION;
-    if (typeof opts.level === 'number') level = opts.level;
+    if (typeof opts.level === 'number' &&
+        Number.isFinite(opts.level)) {
+      level = opts.level;
+    }
 
     var strategy = constants.Z_DEFAULT_STRATEGY;
-    if (typeof opts.strategy === 'number') strategy = opts.strategy;
+    if (typeof opts.strategy === 'number' &&
+        Number.isFinite(opts.strategy)) {
+      strategy = opts.strategy;
+    }
 
     var windowBits = constants.Z_DEFAULT_WINDOWBITS;
-    if (typeof opts.windowBits === 'number') windowBits = opts.windowBits;
+    if (typeof opts.windowBits === 'number' &&
+        Number.isFinite(opts.windowBits)) {
+      windowBits = opts.windowBits;
+    }
 
     var memLevel = constants.Z_DEFAULT_MEMLEVEL;
-    if (typeof opts.memLevel === 'number') memLevel = opts.memLevel;
+    if (typeof opts.memLevel === 'number' &&
+        Number.isFinite(opts.memLevel)) {
+      memLevel = opts.memLevel;
+    }
 
     this._handle.init(windowBits,
                       level,
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js
index afc2c82ddfca8e..c7dd41b49de562 100644
--- a/test/parallel/test-zlib-failed-init.js
+++ b/test/parallel/test-zlib-failed-init.js
@@ -11,3 +11,27 @@ const zlib = require('zlib');
 assert.throws(() => {
   zlib.createDeflateRaw({ windowBits: 8 });
 }, /^Error: Init error$/);
+
+// Regression tests for bugs in the validation logic.
+
+assert.throws(() => {
+  zlib.createGzip({ chunkSize: 0 });
+}, /^RangeError: Invalid chunk size: 0$/);
+
+assert.throws(() => {
+  zlib.createGzip({ windowBits: 0 });
+}, /^RangeError: Invalid windowBits: 0$/);
+
+assert.throws(() => {
+  zlib.createGzip({ memLevel: 0 });
+}, /^RangeError: Invalid memLevel: 0$/);
+
+{
+  const stream = zlib.createGzip({ level: NaN });
+  assert.ok(!Number.isNaN(stream._level));
+}
+
+{
+  const stream = zlib.createGzip({ strategy: NaN });
+  assert.ok(!Number.isNaN(stream._strategy));
+}

From 7b39725c7739241a3269c26921e41416b7fde148 Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Fri, 19 May 2017 23:59:15 +0300
Subject: [PATCH 5/6] squash! address feedback

---
 doc/api/zlib.md                        | 2 +-
 test/parallel/test-zlib-failed-init.js | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/doc/api/zlib.md b/doc/api/zlib.md
index be3c79a57d2357..f889914bb0ba56 100644
--- a/doc/api/zlib.md
+++ b/doc/api/zlib.md
@@ -437,7 +437,7 @@ added: v0.5.8
 
 Returns a new [DeflateRaw][] object with an [options][].
 
-**Note:** the zlib library rejects requests for 256-byte windows (i.e.,
+**Note:** The zlib library rejects requests for 256-byte windows (i.e.,
 `{ windowBits: 8 }` in `options`). An `Error` will be thrown when creating
 a [DeflateRaw][] object with this specific value of the `windowBits` option.
 
diff --git a/test/parallel/test-zlib-failed-init.js b/test/parallel/test-zlib-failed-init.js
index c7dd41b49de562..3b6da1d4fb840f 100644
--- a/test/parallel/test-zlib-failed-init.js
+++ b/test/parallel/test-zlib-failed-init.js
@@ -28,10 +28,10 @@ assert.throws(() => {
 
 {
   const stream = zlib.createGzip({ level: NaN });
-  assert.ok(!Number.isNaN(stream._level));
+  assert.strictEqual(stream._level, zlib.constants.Z_DEFAULT_COMPRESSION);
 }
 
 {
   const stream = zlib.createGzip({ strategy: NaN });
-  assert.ok(!Number.isNaN(stream._strategy));
+  assert.strictEqual(stream._strategy, zlib.constants.Z_DEFAULT_STRATEGY);
 }

From f91e191934803ea4918adf82c7f2a82311a85395 Mon Sep 17 00:00:00 2001
From: Alexey Orlenko <eaglexrlnk@gmail.com>
Date: Sat, 20 May 2017 15:23:39 +0300
Subject: [PATCH 6/6] squash! remove superfluous condition

---
 lib/zlib.js | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/lib/zlib.js b/lib/zlib.js
index 263cbad1e3832f..c1cc0a2c54f007 100644
--- a/lib/zlib.js
+++ b/lib/zlib.js
@@ -224,26 +224,22 @@ class Zlib extends Transform {
     this._hadError = false;
 
     var level = constants.Z_DEFAULT_COMPRESSION;
-    if (typeof opts.level === 'number' &&
-        Number.isFinite(opts.level)) {
+    if (Number.isFinite(opts.level)) {
       level = opts.level;
     }
 
     var strategy = constants.Z_DEFAULT_STRATEGY;
-    if (typeof opts.strategy === 'number' &&
-        Number.isFinite(opts.strategy)) {
+    if (Number.isFinite(opts.strategy)) {
       strategy = opts.strategy;
     }
 
     var windowBits = constants.Z_DEFAULT_WINDOWBITS;
-    if (typeof opts.windowBits === 'number' &&
-        Number.isFinite(opts.windowBits)) {
+    if (Number.isFinite(opts.windowBits)) {
       windowBits = opts.windowBits;
     }
 
     var memLevel = constants.Z_DEFAULT_MEMLEVEL;
-    if (typeof opts.memLevel === 'number' &&
-        Number.isFinite(opts.memLevel)) {
+    if (Number.isFinite(opts.memLevel)) {
       memLevel = opts.memLevel;
     }