Ensure args is an array #31
Conversation
|
Socket.io itself handles event packets in a similar way https://github.com/socketio/socket.io/blob/2b216902e121ac2205444019b6d9316654809b29/lib/socket.js#L351-L359 What's the |
|
Yes, Socket IO is using in a similar way, but socket IO is not using apply. Apply requires an array. Socket IO is not using apply, that's why it's not crashing socket IO. |
|
Can you provide a minimal code sample that reproduces the error? |
| var args = packet.data || [] | ||
| var args = []; | ||
|
|
||
| if (packet.data && packet.data.constructor === Array) { |
There was a problem hiding this comment.
For those packet.data which is not an Array, what are them? Any reason that we should ignore them?
There was a problem hiding this comment.
A socket IO payload should be like [ 'my_event', my_data ]
There is no reason to catch non-array payloads. These are not valid at all.
You can just send raw data over a websocket and crash an entire server.
There was a problem hiding this comment.
Hmmm, random raw data through the websocket should not get through the parser at all. Maybe what we are dealing with is an error packet? In this case, we might actually want to catch that.
Id packet.id is null and packet.data is not an array you can expect this error:
CreateListFromArrayLike called on non-object
This commit is fixing this.