From 48cf8c8286ec24925b9939ccf72a4fbdc3a57626 Mon Sep 17 00:00:00 2001
From: Ben Noordhuis <info@bnoordhuis.nl>
Date: Mon, 8 Jun 2020 09:03:29 +0200
Subject: [PATCH] unix,win: more uv_read_start() argument validation

Return `UV_EINVAL` when one or more arguments are NULL.

Fixes: https://github.com/libuv/help/issues/137
PR-URL: https://github.com/libuv/libuv/pull/2795
Reviewed-By: Jameson Nash <vtjnash@gmail.com>
Reviewed-By: Santiago Gimeno <santiago.gimeno@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Bartosz Sosnowski <bartosz@janeasystems.com>
---
 src/uv-common.c              | 3 +++
 test/test-pipe-getsockname.c | 8 ++++++--
 test/test-shutdown-eof.c     | 3 +++
 test/test-tcp-bind-error.c   | 4 +++-
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/uv-common.c b/src/uv-common.c
index a314b194..dd559a11 100644
--- a/src/uv-common.c
+++ b/src/uv-common.c
@@ -835,6 +835,9 @@ void uv_loop_delete(uv_loop_t* loop) {
 int uv_read_start(uv_stream_t* stream,
                   uv_alloc_cb alloc_cb,
                   uv_read_cb read_cb) {
+  if (stream == NULL || alloc_cb == NULL || read_cb == NULL)
+    return UV_EINVAL;
+
   if (stream->flags & UV_HANDLE_CLOSING)
     return UV_EINVAL;
 
diff --git a/test/test-pipe-getsockname.c b/test/test-pipe-getsockname.c
index 48ee400e..5f377dcb 100644
--- a/test/test-pipe-getsockname.c
+++ b/test/test-pipe-getsockname.c
@@ -225,7 +225,9 @@ TEST_IMPL(pipe_getsockname_blocking) {
   ASSERT(r != -1);
   r = uv_pipe_open(&pipe_client, readfd);
   ASSERT(r == 0);
-  r = uv_read_start((uv_stream_t*)&pipe_client, NULL, NULL);
+  r = uv_read_start((uv_stream_t*) &pipe_client,
+                    (uv_alloc_cb) abort,
+                    (uv_read_cb) abort);
   ASSERT(r == 0);
   Sleep(100);
   r = uv_read_stop((uv_stream_t*)&pipe_client);
@@ -236,7 +238,9 @@ TEST_IMPL(pipe_getsockname_blocking) {
   ASSERT(r == 0);
   ASSERT(len1 == 0);  /* It's an annonymous pipe. */
 
-  r = uv_read_start((uv_stream_t*)&pipe_client, NULL, NULL);
+  r = uv_read_start((uv_stream_t*)&pipe_client,
+                    (uv_alloc_cb) abort,
+                    (uv_read_cb) abort);
   ASSERT(r == 0);
   Sleep(100);
 
diff --git a/test/test-shutdown-eof.c b/test/test-shutdown-eof.c
index a677ede9..0abab917 100644
--- a/test/test-shutdown-eof.c
+++ b/test/test-shutdown-eof.c
@@ -93,6 +93,9 @@ static void connect_cb(uv_connect_t *req, int status) {
 
   /* Check error handling. */
   ASSERT_EQ(UV_EALREADY, uv_read_start((uv_stream_t*)&tcp, alloc_cb, read_cb));
+  ASSERT_EQ(UV_EINVAL, uv_read_start(NULL, alloc_cb, read_cb));
+  ASSERT_EQ(UV_EINVAL, uv_read_start((uv_stream_t*)&tcp, NULL, read_cb));
+  ASSERT_EQ(UV_EINVAL, uv_read_start((uv_stream_t*)&tcp, alloc_cb, NULL));
 
   /*
    * Write the letter 'Q' to gracefully kill the echo-server. This will not
diff --git a/test/test-tcp-bind-error.c b/test/test-tcp-bind-error.c
index 29ed21e1..7732267f 100644
--- a/test/test-tcp-bind-error.c
+++ b/test/test-tcp-bind-error.c
@@ -283,7 +283,9 @@ TEST_IMPL(tcp_bind_writable_flags) {
   ASSERT(r == UV_EPIPE);
   r = uv_shutdown(&shutdown_req, (uv_stream_t*) &server, NULL);
   ASSERT(r == UV_ENOTCONN);
-  r = uv_read_start((uv_stream_t*) &server, NULL, NULL);
+  r = uv_read_start((uv_stream_t*) &server,
+                    (uv_alloc_cb) abort,
+                    (uv_read_cb) abort);
   ASSERT(r == UV_ENOTCONN);
 
   uv_close((uv_handle_t*)&server, close_cb);