Fix handleIndexError crash on throw null in query servers#5953
Fix handleIndexError crash on throw null in query servers#5953vamsi2246 wants to merge 2 commits intoapache:mainfrom
Conversation
If an untrusted map function executes 'throw null', the check 'err[0] == "fatal"' evaluates 'null[0]' which throws an uncaught TypeError, fatally crashing the JavaScript worker process. This adds a null guard 'err && err[0]' to nouveau.js, views.js, and dreyfus.js.
|
What is an "untrusted map function" and why would you do a "throw null"? |
|
(and noting that our mandatory form has been deleted. It needs to be restored and completely honestly before we could consider merging) |
|
noting that this just crashes things we expect to crash in such events, it's not a security finding or a DDOS finding. Still, it is nice to handle such things more politely. |
|
@big-r81 we deliberately do not trust any javascript map or reduce functions, they're entered by users. it's why they are executed in a sandbox. |
I'm well aware of that 😉, I was just talking about the term itself — we're simply executing JavaScript code, whether it's trusted, untrusted or whatever ... |
3 participants
If an untrusted map function executes 'throw null', the check 'err[0] == "fatal"' evaluates 'null[0]' which throws an uncaught TypeError, fatally crashing the JavaScript worker process. This adds a null guard 'err && err[0]' to nouveau.js, views.js, and dreyfus.js.