-
Notifications
You must be signed in to change notification settings - Fork 105
Permalink
Choose a base ref
{{ refName }}
default
Choose a head ref
{{ refName }}
default
Comparing changes
Choose two branches to see what’s changed or to start a new pull request.
If you need to, you can also or
learn more about diff comparisons.
Open a pull request
Create a new pull request by comparing changes across two branches. If you need to, you can also .
Learn more about diff comparisons here.
base repository: socketio/socket.io-parser
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 3.2.0
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}
default
Loading
...
head repository: socketio/socket.io-parser
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 3.4.3
Could not load branches
Nothing to show
Loading
Could not load tags
Nothing to show
{{ refName }}
default
Loading
- 16 commits
- 16 files changed
- 4 contributors
Commits on Nov 7, 2018
-
Configuration menu - View commit details
-
Copy full SHA for 48f340e - Browse repository at this point
Copy the full SHA 48f340eView commit details -
Configuration menu - View commit details
-
Copy full SHA for b57e063 - Browse repository at this point
Copy the full SHA b57e063View commit details -
Configuration menu - View commit details
-
Copy full SHA for d95e38f - Browse repository at this point
Copy the full SHA d95e38fView commit details -
Configuration menu - View commit details
-
Copy full SHA for b47efb2 - Browse repository at this point
Copy the full SHA b47efb2View commit details -
Configuration menu - View commit details
-
Copy full SHA for 0de72b9 - Browse repository at this point
Copy the full SHA 0de72b9View commit details
Commits on Nov 19, 2018
-
Configuration menu - View commit details
-
Copy full SHA for de1fd36 - Browse repository at this point
Copy the full SHA de1fd36View commit details
Commits on Sep 20, 2019
-
Configuration menu - View commit details
-
Copy full SHA for 9b3572e - Browse repository at this point
Copy the full SHA 9b3572eView commit details -
The build failure is due to some ES6 usage in the debug dependency, which will have to be fixed in the future (by using Babel for example). Diff: 3.3.0...3.4.0
Configuration menu - View commit details
-
Copy full SHA for 652402a - Browse repository at this point
Copy the full SHA 652402aView commit details
Commits on May 13, 2020
-
Configuration menu - View commit details
-
Copy full SHA for a5d0435 - Browse repository at this point
Copy the full SHA a5d0435View commit details -
fix: prevent DoS (OOM) via massive packets (#95)
When maxHttpBufferSize is large (1e8 bytes), a payload of length 100MB can be sent like so: 99999991:422222222222222222222222222222222222222222222... This massive packet can cause OOM via building up many many `ConsOneByteString` objects due to concatenation: 99999989 `ConsOneByteString`s and then converting the massive integer to a `Number`. The performance can be improved to avoid this by using `substring` rather than building the string via concatenation. Below I tried one payload of length 7e7 as the 1e8 payload took so long to process that it timed out before running out of memory. ``` ==== JS stack trace ========================================= 0: ExitFrame [pc: 0x13c5b79] Security context: 0x152fe7b808d1 <JSObject> 1: decodeString [0x2dd385fb5d1] [/node_modules/socket.io-parser/index.js:~276] [pc=0xf59746881be](this=0x175d34c42b69 <JSGlobal Object>,0x14eccff10fe1 <Very long string[69999990]>) 2: add [0x31fc2693da29] [/node_modules/socket.io-parser/index.js:242] [bytecode=0xa7ed6554889 offset=11](this=0x0a2881be5069 <Decoder map = 0x3ceaa8bf48c9>,0x14eccff10fe1 <Very... FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory 1: 0xa09830 node::Abort() [node] 2: 0xa09c55 node::OnFatalError(char const*, char const*) [node] 3: 0xb7d71e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node] 4: 0xb7da99 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node] 5: 0xd2a1f5 [node] 6: 0xd2a886 v8::internal::Heap::RecomputeLimits(v8::internal::GarbageCollector) [node] 7: 0xd37105 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [node] 8: 0xd37fb5 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [node] 9: 0xd3965f v8::internal::Heap::HandleGCRequest() [node] 10: 0xce8395 v8::internal::StackGuard::HandleInterrupts() [node] 11: 0x1042cb6 v8::internal::Runtime_StackGuard(int, unsigned long*, v8::internal::Isolate*) [node] 12: 0x13c5b79 [node] ```
1Configuration menu - View commit details
-
Copy full SHA for dcb942d - Browse repository at this point
Copy the full SHA dcb942dView commit details -
Configuration menu - View commit details
-
Copy full SHA for a8130ce - Browse repository at this point
Copy the full SHA a8130ceView commit details
Commits on Sep 17, 2020
-
test: add Node.js 12 and 14 in the build matrix
Node.js 8 is removed, as it is now EOL. Note: the node_modules folder is cached by default
Configuration menu - View commit details
-
Copy full SHA for 6a59237 - Browse repository at this point
Copy the full SHA 6a59237View commit details
Commits on Nov 9, 2022
-
fix: check the format of the index of each attachment
A specially crafted packet could be incorrectly decoded. Example: ```js const decoder = new Decoder(); decoder.on("decoded", (packet) => { console.log(packet.data); // prints [ 'hello', [Function: splice] ] }) decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]'); decoder.add(Buffer.from("world")); ``` As usual, please remember not to trust user input. Backported from b5d0cb7
Configuration menu - View commit details
-
Copy full SHA for 04d23ce - Browse repository at this point
Copy the full SHA 04d23ceView commit details -
Configuration menu - View commit details
-
Copy full SHA for 4b3c191 - Browse repository at this point
Copy the full SHA 4b3c191View commit details
Commits on May 22, 2023
-
fix: check the format of the event name
A packet like '2[{"toString":"foo"}]' was decoded as: { type: EVENT, data: [ { "toString": "foo" } ] } Which would then throw an error when passed to the EventEmitter class: > TypeError: Cannot convert object to primitive value > at Socket.emit (node:events:507:25) > at .../node_modules/socket.io/lib/socket.js:531:14 History of the isPayloadValid() method: - added in [78f9fc2](78f9fc2) (v4.0.1, socket.io@3.0.0) - updated in [1c220dd](1c220dd) (v4.0.4, socket.io@3.1.0) Backported from 3b78117
Configuration menu - View commit details
-
Copy full SHA for 2dc3c92 - Browse repository at this point
Copy the full SHA 2dc3c92View commit details -
Configuration menu - View commit details
-
Copy full SHA for 060339a - Browse repository at this point
Copy the full SHA 060339aView commit details
Loading
This comparison is taking too long to generate.
Unfortunately it looks like we can’t render this comparison for you right now. It might be too big, or there might be something weird with your repository.
You can try running this command locally to see the comparison on your machine:
git diff 3.2.0...3.4.3