src: fix multiple format string bugs
The THROW_ERR_*
functions interpret the first argument as a printf
-like format string, which is problematic when it contains unsanitized user input. This typically happens when a printf
-like function is used to produce the error message, which is then passed to a THROW_ERR_*
function, which again interprets the error message as a format string.
Fix such occurrences by properly formatting error messages using static format strings only, and in a single step.
The added tests do not cover all changes; I only added tests for those occurrences that allow triggering a crash easily.
I am adding the security
label because such bugs are frequent causes of vulnerabilities, even though none of the occurrences I found seem to be exploitable realistically.
cc @nodejs/cpp-reviewers @nodejs/security