Permalink
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
...
- 7 commits
- 7 files changed
- 2 contributors
Commits on Sep 29, 2020
-
chore: bump component-emitter dependency
Subscribing/unsubscribing for a lot of different event types could lead to a memory leak. See sindresorhus/component-emitter@aa2e57a Diff: sindresorhus/component-emitter@1.2.1...1.3.0
-
test: use Node.js 10 for the browser tests
It seems there is something wrong with newer versions (the CI seems stuck). Let's pin the version for now.
Commits on Sep 30, 2020
Commits on Jan 9, 2021
-
fix: prevent DoS (OOM) via massive packets (#95)
When maxHttpBufferSize is large (1e8 bytes), a payload of length 100MB can be sent like so: 99999991:422222222222222222222222222222222222222222222... This massive packet can cause OOM via building up many many `ConsOneByteString` objects due to concatenation: 99999989 `ConsOneByteString`s and then converting the massive integer to a `Number`. The performance can be improved to avoid this by using `substring` rather than building the string via concatenation. Below I tried one payload of length 7e7 as the 1e8 payload took so long to process that it timed out before running out of memory. ``` ==== JS stack trace ========================================= 0: ExitFrame [pc: 0x13c5b79] Security context: 0x152fe7b808d1 <JSObject> 1: decodeString [0x2dd385fb5d1] [/node_modules/socket.io-parser/index.js:~276] [pc=0xf59746881be](this=0x175d34c42b69 <JSGlobal Object>,0x14eccff10fe1 <Very long string[69999990]>) 2: add [0x31fc2693da29] [/node_modules/socket.io-parser/index.js:242] [bytecode=0xa7ed6554889 offset=11](this=0x0a2881be5069 <Decoder map = 0x3ceaa8bf48c9>,0x14eccff10fe1 <Very... FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory 1: 0xa09830 node::Abort() [node] 2: 0xa09c55 node::OnFatalError(char const*, char const*) [node] 3: 0xb7d71e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node] 4: 0xb7da99 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node] 5: 0xd2a1f5 [node] 6: 0xd2a886 v8::internal::Heap::RecomputeLimits(v8::internal::GarbageCollector) [node] 7: 0xd37105 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [node] 8: 0xd37fb5 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [node] 9: 0xd3965f v8::internal::Heap::HandleGCRequest() [node] 10: 0xce8395 v8::internal::StackGuard::HandleInterrupts() [node] 11: 0x1042cb6 v8::internal::Runtime_StackGuard(int, unsigned long*, v8::internal::Isolate*) [node] 12: 0x13c5b79 [node] ``` Backported from master: dcb942d
Commits on Nov 9, 2022
-
fix: check the format of the index of each attachment
A specially crafted packet could be incorrectly decoded. Example: ```js const decoder = new Decoder(); decoder.on("decoded", (packet) => { console.log(packet.data); // prints [ 'hello', [Function: splice] ] }) decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]'); decoder.add(Buffer.from("world")); ``` As usual, please remember not to trust user input. Backported from b5d0cb7
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 3.3.0...3.3.3