child_process.spawnSync is memory unsafe and can be used to dump core
- Version: 6.5.0
- Platform:
- Subsystem: child_process
child_process.spawnSync is memory unsafe and segfaults when given an array/object for the file argument whose toString definition throws.
This doesn't seem like a serious security vulnerability (hence my reporting here), but it can certainly be used to cause a DoS, and it might be nice to have a stdlib that is memory safe.
```js
// Reproducer: an object whose toString() throws, passed as the `file` argument.
const file = {};
file.toString = () => { throw 'w00t'; };
const child_process = require('child_process');
child_process.spawnSync(file);
// causes ToString in src/spawn_sync.cc:933 to return an empty handle which is then
// used on line 933 and thus leads to SEGFAULT
```
Related to: #8537, #8538, #7902 (closed)
@mlfbrown