Comparing changes

base repository: socketio/socket.io-parser
base: 3.2.0
...
head repository: socketio/socket.io-parser
compare: 3.4.3
  • 16 commits
  • 16 files changed
  • 4 contributors

Commits on Nov 7, 2018

  1. 48f340e
  2. b57e063
  3. d95e38f
  4. b47efb2
  5. [chore] Release 3.3.0

    darrachequesne committed Nov 7, 2018
    0de72b9

Commits on Nov 19, 2018

  1. de1fd36

Commits on Sep 20, 2019

  1. 9b3572e
  2. [chore] Release 3.4.0

    The build failure is due to some ES6 usage in the debug dependency, which will have to be fixed
    in the future (by using Babel for example).
    
    Diff: 3.3.0...3.4.0
    darrachequesne committed Sep 20, 2019
    652402a

Commits on May 13, 2020

  1. a5d0435
  2. fix: prevent DoS (OOM) via massive packets (#95)

    When maxHttpBufferSize is large (1e8 bytes), a payload of length 100MB
    can be sent like so:
    
    99999991:422222222222222222222222222222222222222222222...
    
    This massive packet can cause OOM via building up many many
    `ConsOneByteString` objects due to concatenation:
    99999989 `ConsOneByteString`s and then converting the massive integer to
    a `Number`.
    
    The performance can be improved to avoid this by using `substring`
    rather than building the string via concatenation.
    
    Below I tried one payload of length 7e7 as the 1e8 payload took so
    long to process that it timed out before running out of memory.
    
    ```
    ==== JS stack trace =========================================
    
        0: ExitFrame [pc: 0x13c5b79]
    Security context: 0x152fe7b808d1 <JSObject>
        1: decodeString [0x2dd385fb5d1] [/node_modules/socket.io-parser/index.js:~276] [pc=0xf59746881be](this=0x175d34c42b69 <JSGlobal Object>,0x14eccff10fe1 <Very long string[69999990]>)
        2: add [0x31fc2693da29] [/node_modules/socket.io-parser/index.js:242] [bytecode=0xa7ed6554889 offset=11](this=0x0a2881be5069 <Decoder map = 0x3ceaa8bf48c9>,0x14eccff10fe1 <Very...
    
    FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory
     1: 0xa09830 node::Abort() [node]
     2: 0xa09c55 node::OnFatalError(char const*, char const*) [node]
     3: 0xb7d71e v8::Utils::ReportOOMFailure(v8::internal::Isolate*, char const*, bool) [node]
     4: 0xb7da99 v8::internal::V8::FatalProcessOutOfMemory(v8::internal::Isolate*, char const*, bool) [node]
     5: 0xd2a1f5  [node]
     6: 0xd2a886 v8::internal::Heap::RecomputeLimits(v8::internal::GarbageCollector) [node]
     7: 0xd37105 v8::internal::Heap::PerformGarbageCollection(v8::internal::GarbageCollector, v8::GCCallbackFlags) [node]
     8: 0xd37fb5 v8::internal::Heap::CollectGarbage(v8::internal::AllocationSpace, v8::internal::GarbageCollectionReason, v8::GCCallbackFlags) [node]
     9: 0xd3965f v8::internal::Heap::HandleGCRequest() [node]
    10: 0xce8395 v8::internal::StackGuard::HandleInterrupts() [node]
    11: 0x1042cb6 v8::internal::Runtime_StackGuard(int, unsigned long*, v8::internal::Isolate*) [node]
    12: 0x13c5b79  [node]
    ```
    bcaller authored May 13, 2020
    dcb942d
  3. chore: release 3.4.1

    darrachequesne committed May 13, 2020
    a8130ce
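
The "fix: prevent DoS (OOM) via massive packets" commit above describes replacing character-by-character concatenation with `substring`. The following is an added example, not code from the socket.io-parser repository: the function names, the `maxDigits` bound and the sample packet are assumptions made for illustration.

```javascript
// Added example: two ways to read the run of ASCII digits starting at `start`.
// Function names are hypothetical; this is not the socket.io-parser source.

function isDigit(str, i) {
  const c = str.charCodeAt(i);
  return c >= 48 && c <= 57; // '0'..'9'
}

// Builds the result one character at a time. On V8 each `+=` can allocate a
// new cons-string node, so a digit run of tens of megabytes creates tens of
// millions of short-lived objects before the value is ever used.
function readDigitsConcat(str, start) {
  let buf = '';
  let i = start;
  while (i < str.length && isDigit(str, i)) {
    buf += str.charAt(i);
    i++;
  }
  return { digits: buf, end: i };
}

// Scans for the end of the run first, then takes a single substring.
// `maxDigits` is an extra bound assumed for this example (not from the commit):
// it rejects numeric fields that could never be a meaningful packet id.
function readDigitsSubstring(str, start, maxDigits = 16) {
  let i = start;
  while (i < str.length && isDigit(str, i)) {
    i++;
    if (i - start > maxDigits) throw new Error('numeric field too long');
  }
  return { digits: str.substring(start, i), end: i };
}

// Constructed input: packet type "2", a 13-digit id, then a JSON payload.
const sample = '21234567890123["hello"]';
const parsed = readDigitsSubstring(sample, 1);
console.log(parsed.digits, parsed.end);
```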

Commits on Sep 17, 2020

  1. test: add Node.js 12 and 14 in the build matrix

    Node.js 8 is removed, as it is now EOL.
    
    Note: the node_modules folder is cached by default
    darrachequesne committed Sep 17, 2020
    6a59237

Commits on Nov 9, 2022

  1. fix: check the format of the index of each attachment

    A specially crafted packet could be incorrectly decoded.
    
    Example:
    
    ```js
    const decoder = new Decoder();
    
    decoder.on("decoded", (packet) => {
      console.log(packet.data); // prints [ 'hello', [Function: splice] ]
    })
    
    decoder.add('51-["hello",{"_placeholder":true,"num":"splice"}]');
    decoder.add(Buffer.from("world"));
    ```
    
    As usual, please remember not to trust user input.
    
    Backported from b5d0cb7
    darrachequesne committed Nov 9, 2022
    04d23ce
  2. chore(release): 3.4.2

    darrachequesne committed Nov 9, 2022
    4b3c191
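
The "fix: check the format of the index of each attachment" commit above shows a placeholder whose `num` is the string "splice". The following is an added example, not code from the socket.io-parser repository, that puts an unchecked attachment lookup next to a checked one; the function names and the error message are assumptions.

```javascript
// Added example: simplified placeholder reconstruction for a binary packet.
// Names are hypothetical; this is not the socket.io-parser source.

// Walks the decoded JSON and swaps every {_placeholder, num} object for the
// attachment chosen by `resolve`.
function reconstruct(data, buffers, resolve) {
  if (Array.isArray(data)) {
    return data.map((item) => reconstruct(item, buffers, resolve));
  }
  if (data && typeof data === 'object') {
    if (data._placeholder === true) return resolve(data.num, buffers);
    // Object.fromEntries defines own properties, so a "__proto__" key in the
    // input cannot change the prototype of the rebuilt object.
    return Object.fromEntries(
      Object.entries(data).map(([k, v]) => [k, reconstruct(v, buffers, resolve)])
    );
  }
  return data;
}

// Unchecked: `num` is used as a property key, so "splice" resolves to
// Array.prototype.splice through the prototype chain of the attachment array.
const uncheckedIndex = (num, buffers) => buffers[num];

// Checked: `num` must be an integer index inside the attachment array.
const checkedIndex = (num, buffers) => {
  if (!Number.isInteger(num) || num < 0 || num >= buffers.length) {
    throw new Error('illegal attachments');
  }
  return buffers[num];
};

// Inputs taken from the commit message above.
const craftedJson = '["hello",{"_placeholder":true,"num":"splice"}]';
const attachments = [Buffer.from('world')];

const leaked = reconstruct(JSON.parse(craftedJson), attachments, uncheckedIndex);
console.log(leaked); // second element is a function, not a Buffer
```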

Commits on May 22, 2023

  1. fix: check the format of the event name

    A packet like '2[{"toString":"foo"}]' was decoded as:
    
    {
      type: EVENT,
      data: [ { "toString": "foo" } ]
    }
    
    Which would then throw an error when passed to the EventEmitter class:
    
    > TypeError: Cannot convert object to primitive value
    >    at Socket.emit (node:events:507:25)
    >    at .../node_modules/socket.io/lib/socket.js:531:14
    
    History of the isPayloadValid() method:
    
    - added in 78f9fc2 (v4.0.1, socket.io@3.0.0)
    - updated in 1c220dd (v4.0.4, socket.io@3.1.0)
    
    Backported from 3b78117
    darrachequesne committed May 22, 2023
    2dc3c92
  2. chore(release): 3.4.3

    darrachequesne committed May 22, 2023
    060339a
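
The "fix: check the format of the event name" commit above describes a packet that decodes cleanly and only fails later, when the event name is used by the emitter. The following is an added example, not code from the socket.io-parser repository: the decoder, the validity check and the listener table are simplified stand-ins with hypothetical names.

```javascript
// Added example; names are hypothetical, not the socket.io-parser API.

// Minimal EVENT decoder: packet type "2" followed by a JSON array.
function decodeEvent(str) {
  if (str.charAt(0) !== '2') throw new Error('not an EVENT packet');
  return { type: 2, data: JSON.parse(str.substring(1)) };
}

// Assumed check: the payload is an array whose first element is a string.
function isEventPayloadValid(payload) {
  return Array.isArray(payload) && typeof payload[0] === 'string';
}

// Stand-in for an emitter: the event name is used as a property key into the
// listener table, which forces a conversion to a primitive value.
function dispatch(listeners, packet) {
  const [name, ...args] = packet.data;
  const handler = listeners[name];
  return typeof handler === 'function' ? handler(...args) : undefined;
}

// Decode, optionally validate, then dispatch; reports where a packet failed.
function handlePacket(listeners, str, validate) {
  const packet = decodeEvent(str);
  if (validate && !isEventPayloadValid(packet.data)) {
    return { ok: false, reason: 'invalid payload' }; // rejected at the parser
  }
  try {
    return { ok: true, result: dispatch(listeners, packet) };
  } catch (err) {
    return { ok: false, reason: err.constructor.name }; // failed at dispatch
  }
}

// Prototype-less table so names like "constructor" never match by accident.
const listeners = Object.assign(Object.create(null), {
  greet: (who) => 'hello ' + who,
});
const crafted = '2[{"toString":"foo"}]'; // packet from the commit message above

console.log(handlePacket(listeners, crafted, false));
console.log(handlePacket(listeners, crafted, true));
```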