Skip to content

lib: coerce -0 to +0 in various APIs#63556

Open
panva wants to merge 5 commits into
nodejs:mainfrom
panva:negative-zero-fixes
Open

lib: coerce -0 to +0 in various APIs#63556
panva wants to merge 5 commits into
nodejs:mainfrom
panva:negative-zero-fixes

Conversation

@panva
Copy link
Copy Markdown
Member

@panva panva commented May 25, 2026
edited
Loading

Followup to #63531

This is not an exhaustive list of these occurences, just the ones I can remotely imagine being exposed to an untrusted used input through a web-based or CLI interface.

The tests demonstrate the process crashing before the ./lib changes.

I used Codex to find and confirm these before diving in.

panva added 5 commits May 25, 2026 10:39
@panva
crypto: coerce -0 to +0 before native calls
ac85237 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
dns: coerce -0 to +0 in lookup and resolver inputs
7e2ac12 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
fs: coerce -0 to +0 in mode flags and watch intervals
673d7ec 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
net: coerce -0 to +0 in BlockList prefixes
6693324 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva
zlib: coerce -0 to +0 for crc32 seeds
ace7877 
Signed-off-by: Filip Skokan <panva.ip@gmail.com>
@panva panva requested a review from ljharb May 25, 2026 08:46
@panva panva added the commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. label May 25, 2026
@nodejs-github-bot
Copy link
Copy Markdown
Collaborator

nodejs-github-bot commented May 25, 2026

Review requested:

  • @nodejs/crypto
  • @nodejs/net

@panva panva changed the title lib: various coerce -0 to +0 in various APIs lib: coerce -0 to +0 in various APIs May 25, 2026
@nodejs-github-bot nodejs-github-bot added lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run. labels May 25, 2026
aduh95
aduh95 reviewed May 25, 2026
View reviewed changes
Comment thread lib/internal/fs/watchers.js
Comment on lines 178 to +180
validateUint32(interval, 'interval');
// Coerce -0 to +0.
interval += 0;
Copy link
Copy Markdown
Contributor

@aduh95 aduh95 May 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Shouldn't we update validateUint32 to reject -0 instead?

Copy link
Copy Markdown
Member Author

@panva panva May 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have no particular sympathy for either or.

Copy link
Copy Markdown
Contributor

@aduh95 aduh95 May 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having it part of the helper is probably more robust than relying on humans to remember for checking for -0

Copy link
Copy Markdown
Contributor

@TheOneTheOnlyJJ TheOneTheOnlyJJ May 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Having it part of the helper is probably more robust than relying on humans to remember for checking for -0

Maybe even have it part of all uint conversion helpers?

@codecov
Copy link
Copy Markdown

codecov Bot commented May 25, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 97.36842% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 90.34%. Comparing base (1ddb754) to head (ace7877).
⚠️ Report is 17 commits behind head on main.

Files with missing lines Patch % Lines
lib/internal/dns/promises.js 50.00% 2 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main   #63556      +/-   ##
==========================================
+ Coverage   90.31%   90.34%   +0.02%     
==========================================
  Files         730      730              
  Lines      234161   234414     +253     
  Branches    43917    43930      +13     
==========================================
+ Hits       211486   211784     +298     
+ Misses      14408    14376      -32     
+ Partials     8267     8254      -13
Files with missing lines Coverage Δ
lib/dns.js 98.65% <100.00%> (+0.01%) ⬆️
lib/internal/blocklist.js 91.39% <100.00%> (+0.08%) ⬆️
lib/internal/crypto/cipher.js 97.98% <100.00%> (+0.03%) ⬆️
lib/internal/crypto/diffiehellman.js 97.77% <100.00%> (+0.01%) ⬆️
lib/internal/crypto/hash.js 99.02% <100.00%> (+0.01%) ⬆️
lib/internal/crypto/hkdf.js 100.00% <100.00%> (+1.15%) ⬆️
lib/internal/crypto/keygen.js 93.49% <100.00%> (+0.47%) ⬆️
lib/internal/crypto/random.js 96.09% <100.00%> (+0.02%) ⬆️
lib/internal/dns/utils.js 99.44% <100.00%> (+<0.01%) ⬆️
lib/internal/fs/utils.js 98.44% <100.00%> (+<0.01%) ⬆️
... and 4 more

... and 64 files with indirect coverage changes

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aduh95 aduh95 aduh95 left review comments

@ljharb ljharb Awaiting requested review from ljharb

+1 more reviewer

@TheOneTheOnlyJJ TheOneTheOnlyJJ TheOneTheOnlyJJ left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

commit-queue-rebase Add this label to allow the Commit Queue to land a PR in several commits. lib / src Issues and PRs related to general changes in the lib or src directory. needs-ci PRs that need a full CI run.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@panva @nodejs-github-bot @aduh95 @TheOneTheOnlyJJ