From 939ea06f458af6863734c5ebc2fd10a869cc7e5b Mon Sep 17 00:00:00 2001
From: Karl Skomski <karl@skomski.com>
Date: Tue, 11 Aug 2015 12:38:57 +0200
Subject: [PATCH] unix,win: return EINVAL on nullptr args in uv_fs_{read,write}
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

PR-URL: https://github.com/libuv/libuv/pull/470
Reviewed-By: Saúl Ibarra Corretgé <saghul@gmail.com>
---
 src/unix/fs.c                 |  6 ++++++
 src/win/fs.c                  |  6 ++++++
 test/test-fs.c                | 21 +++++++++++++++++++++
 test/test-list.h              |  2 ++
 test/test-threadpool-cancel.c |  6 ++++--
 5 files changed, 39 insertions(+), 2 deletions(-)

diff --git a/src/unix/fs.c b/src/unix/fs.c
index 5cb4c2b3..3ec6bf89 100644
--- a/src/unix/fs.c
+++ b/src/unix/fs.c
@@ -1071,6 +1071,9 @@ int uv_fs_read(uv_loop_t* loop, uv_fs_t* req,
                unsigned int nbufs,
                int64_t off,
                uv_fs_cb cb) {
+  if (bufs == NULL || nbufs == 0)
+    return -EINVAL;
+
   INIT(READ);
   req->file = file;
 
@@ -1193,6 +1196,9 @@ int uv_fs_write(uv_loop_t* loop,
                 unsigned int nbufs,
                 int64_t off,
                 uv_fs_cb cb) {
+  if (bufs == NULL || nbufs == 0)
+    return -EINVAL;
+
   INIT(WRITE);
   req->file = file;
 
diff --git a/src/win/fs.c b/src/win/fs.c
index e837d5de..612e92b3 100644
--- a/src/win/fs.c
+++ b/src/win/fs.c
@@ -1831,6 +1831,9 @@ int uv_fs_read(uv_loop_t* loop,
                unsigned int nbufs,
                int64_t offset,
                uv_fs_cb cb) {
+  if (bufs == NULL || nbufs == 0)
+    return UV_EINVAL;
+
   uv_fs_req_init(loop, req, UV_FS_READ, cb);
 
   req->file.fd = fd;
@@ -1864,6 +1867,9 @@ int uv_fs_write(uv_loop_t* loop,
                 unsigned int nbufs,
                 int64_t offset,
                 uv_fs_cb cb) {
+  if (bufs == NULL || nbufs == 0)
+    return UV_EINVAL;
+
   uv_fs_req_init(loop, req, UV_FS_WRITE, cb);
 
   req->file.fd = fd;
diff --git a/test/test-fs.c b/test/test-fs.c
index d86fbf7a..a96f4325 100644
--- a/test/test-fs.c
+++ b/test/test-fs.c
@@ -2514,3 +2514,24 @@ TEST_IMPL(fs_write_alotof_bufs_with_offset) {
   MAKE_VALGRIND_HAPPY();
   return 0;
 }
+
+
+TEST_IMPL(fs_read_write_null_arguments) {
+  int r;
+
+  r = uv_fs_read(NULL, NULL, 0, NULL, 0, -1, NULL);
+  ASSERT(r == UV_EINVAL);
+
+  r = uv_fs_write(NULL, NULL, 0, NULL, 0, -1, NULL);
+  ASSERT(r == UV_EINVAL);
+
+  iov = uv_buf_init(NULL, 0);
+  r = uv_fs_read(NULL, NULL, 0, &iov, 0, -1, NULL);
+  ASSERT(r == UV_EINVAL);
+
+  iov = uv_buf_init(NULL, 0);
+  r = uv_fs_write(NULL, NULL, 0, &iov, 0, -1, NULL);
+  ASSERT(r == UV_EINVAL);
+
+  return 0;
+}
diff --git a/test/test-list.h b/test/test-list.h
index 1f0982ff..c6f1d3c3 100644
--- a/test/test-list.h
+++ b/test/test-list.h
@@ -275,6 +275,7 @@ TEST_DECLARE   (fs_scandir_file)
 TEST_DECLARE   (fs_open_dir)
 TEST_DECLARE   (fs_rename_to_existing_file)
 TEST_DECLARE   (fs_write_multiple_bufs)
+TEST_DECLARE   (fs_read_write_null_arguments)
 TEST_DECLARE   (fs_write_alotof_bufs)
 TEST_DECLARE   (fs_write_alotof_bufs_with_offset)
 TEST_DECLARE   (threadpool_queue_work_simple)
@@ -690,6 +691,7 @@ TASK_LIST_START
   TEST_ENTRY  (fs_write_multiple_bufs)
   TEST_ENTRY  (fs_write_alotof_bufs)
   TEST_ENTRY  (fs_write_alotof_bufs_with_offset)
+  TEST_ENTRY  (fs_read_write_null_arguments)
   TEST_ENTRY  (threadpool_queue_work_simple)
   TEST_ENTRY  (threadpool_queue_work_einval)
   TEST_ENTRY  (threadpool_multiple_event_loops)
diff --git a/test/test-threadpool-cancel.c b/test/test-threadpool-cancel.c
index f999cba8..cb456224 100644
--- a/test/test-threadpool-cancel.c
+++ b/test/test-threadpool-cancel.c
@@ -279,10 +279,12 @@ TEST_IMPL(threadpool_cancel_fs) {
   uv_fs_t reqs[25];
   uv_loop_t* loop;
   unsigned n;
+  uv_buf_t iov;
 
   INIT_CANCEL_INFO(&ci, reqs);
   loop = uv_default_loop();
   saturate_threadpool();
+  iov = uv_buf_init(NULL, 0);
 
   /* Needs to match ARRAY_SIZE(fs_reqs). */
   n = 0;
@@ -300,7 +302,7 @@ TEST_IMPL(threadpool_cancel_fs) {
   ASSERT(0 == uv_fs_lstat(loop, reqs + n++, "/", fs_cb));
   ASSERT(0 == uv_fs_mkdir(loop, reqs + n++, "/", 0, fs_cb));
   ASSERT(0 == uv_fs_open(loop, reqs + n++, "/", 0, 0, fs_cb));
-  ASSERT(0 == uv_fs_read(loop, reqs + n++, 0, NULL, 0, 0, fs_cb));
+  ASSERT(0 == uv_fs_read(loop, reqs + n++, 0, &iov, 1, 0, fs_cb));
   ASSERT(0 == uv_fs_scandir(loop, reqs + n++, "/", 0, fs_cb));
   ASSERT(0 == uv_fs_readlink(loop, reqs + n++, "/", fs_cb));
   ASSERT(0 == uv_fs_rename(loop, reqs + n++, "/", "/", fs_cb));
@@ -310,7 +312,7 @@ TEST_IMPL(threadpool_cancel_fs) {
   ASSERT(0 == uv_fs_symlink(loop, reqs + n++, "/", "/", 0, fs_cb));
   ASSERT(0 == uv_fs_unlink(loop, reqs + n++, "/", fs_cb));
   ASSERT(0 == uv_fs_utime(loop, reqs + n++, "/", 0, 0, fs_cb));
-  ASSERT(0 == uv_fs_write(loop, reqs + n++, 0, NULL, 0, 0, fs_cb));
+  ASSERT(0 == uv_fs_write(loop, reqs + n++, 0, &iov, 1, 0, fs_cb));
   ASSERT(n == ARRAY_SIZE(reqs));
 
   ASSERT(0 == uv_timer_init(loop, &ci.timer_handle));