zlib: add maxOutputLength option

Fixes: nodejs#27253

Author: rosaxxny

doc/api/zlib.md

@@ -484,6 +484,9 @@ These advanced options are available for controlling decompression:
 <!-- YAML
 added: v0.11.1
 changes:
+  - version: REPLACEME
+    pr-url: REPLACEME
+    description: The `maxOutputLength` option is supported now.
   - version: v9.4.0
     pr-url: https://github.com/nodejs/node/pull/16042
     description: The `dictionary` option can be an `ArrayBuffer`.
@@ -512,13 +515,19 @@ ignored by the decompression classes.
 * `dictionary` {Buffer|TypedArray|DataView|ArrayBuffer} (deflate/inflate only,
   empty dictionary by default)
 * `info` {boolean} (If `true`, returns an object with `buffer` and `engine`.)
+* `maxOutputLength` {integer} Limits output size when using
+  [convenience methods][]. **Default:** [`buffer.kMaxLength`][]
 
 See the [`deflateInit2` and `inflateInit2`][] documentation for more
 information.
 
 ## Class: `BrotliOptions`
 <!-- YAML
 added: v11.7.0
+changes:
+  - version: REPLACEME
+    pr-url: REPLACEME
+    description: The `maxOutputLength` option is supported now.
 -->
 
 <!--type=misc-->
@@ -529,6 +538,8 @@ Each Brotli-based class takes an `options` object. All options are optional.
 * `finishFlush` {integer} **Default:** `zlib.constants.BROTLI_OPERATION_FINISH`
 * `chunkSize` {integer} **Default:** `16 * 1024`
 * `params` {Object} Key-value object containing indexed [Brotli parameters][].
+* `maxOutputLength` {integer} Limits output size when using
+  [convenience methods][]. **Default:** [`buffer.kMaxLength`][]
 
 For example:
 
@@ -1140,6 +1151,7 @@ Decompress a chunk of data with [`Unzip`][].
 [`BrotliCompress`]: #zlib_class_zlib_brotlicompress
 [`BrotliDecompress`]: #zlib_class_zlib_brotlidecompress
 [`Buffer`]: buffer.html#buffer_class_buffer
+[`buffer.kMaxLength`]: buffer.html#buffer_buffer_kmaxlength
 [`Content-Encoding`]: https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.11
 [`DataView`]: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/DataView
 [`DeflateRaw`]: #zlib_class_zlib_deflateraw
@@ -1157,5 +1169,6 @@ Decompress a chunk of data with [`Unzip`][].
 [Memory Usage Tuning]: #zlib_memory_usage_tuning
 [RFC 7932]: https://www.rfc-editor.org/rfc/rfc7932.txt
 [Streams API]: stream.md
+[convenience methods]: #zlib_convenience_methods
 [zlib documentation]: https://zlib.net/manual.html#Constants
 [zlib.createGzip example]: #zlib_zlib

lib/internal/errors.js

@@ -46,8 +46,6 @@ const kTypes = [
   'symbol'
 ];
 
-const { kMaxLength } = internalBinding('buffer');
-
 const MainContextError = Error;
 const ErrorToString = Error.prototype.toString;
 const overrideStackTrace = new WeakMap();
@@ -747,7 +745,7 @@ E('ERR_BUFFER_OUT_OF_BOUNDS',
     return 'Attempt to access memory outside buffer bounds';
   }, RangeError);
 E('ERR_BUFFER_TOO_LARGE',
-  `Cannot create a Buffer larger than 0x${kMaxLength.toString(16)} bytes`,
+  'Cannot create a Buffer larger than %s bytes',
   RangeError);
 E('ERR_CANNOT_WATCH_SIGINT', 'Cannot watch for SIGINT signals', Error);
 E('ERR_CHILD_CLOSED_BEFORE_REPLY',

lib/zlib.js

@@ -124,6 +124,11 @@ function zlibBufferOnData(chunk) {
   else
     this.buffers.push(chunk);
   this.nread += chunk.length;
+  if (this.nread > this._maxOutputLength) {
+    this.close();
+    this.removeAllListeners('end');
+    this.cb(new ERR_BUFFER_TOO_LARGE(this._maxOutputLength));
+  }
 }
 
 function zlibBufferOnError(err) {
@@ -134,9 +139,7 @@ function zlibBufferOnError(err) {
 function zlibBufferOnEnd() {
   let buf;
   let err;
-  if (this.nread >= kMaxLength) {
-    err = new ERR_BUFFER_TOO_LARGE();
-  } else if (this.nread === 0) {
+  if (this.nread === 0) {
     buf = Buffer.alloc(0);
   } else {
     const bufs = this.buffers;
@@ -276,6 +279,7 @@ function ZlibBase(opts, mode, handle, { flush, finishFlush, fullFlush }) {
   this._finishFlushFlag = finishFlush;
   this._defaultFullFlushFlag = fullFlush;
   this._info = opts && opts.info;
+  this._maxOutputLength = (opts && opts.maxOutputLength) || kMaxLength;
 }
 ObjectSetPrototypeOf(ZlibBase.prototype, Transform.prototype);
 ObjectSetPrototypeOf(ZlibBase, Transform);
@@ -450,6 +454,12 @@ function processChunkSync(self, chunk, flushFlag) {
       else
         buffers.push(out);
       nread += out.byteLength;
+
+      if (nread > self._maxOutputLength) {
+        _close(self);
+        throw new ERR_BUFFER_TOO_LARGE(self._maxOutputLength);
+      }
+
     } else {
       assert(have === 0, 'have should not go down');
     }
@@ -476,10 +486,6 @@ function processChunkSync(self, chunk, flushFlag) {
   self.bytesWritten = inputRead;
   _close(self);
 
-  if (nread >= kMaxLength) {
-    throw new ERR_BUFFER_TOO_LARGE();
-  }
-
   if (nread === 0)
     return Buffer.alloc(0);
 

test/parallel/test-zlib-brotli-kmaxlength-rangeerror.js

@@ -11,7 +11,7 @@ const assert = require('assert');
 // large Buffers.
 const buffer = require('buffer');
 const oldkMaxLength = buffer.kMaxLength;
-buffer.kMaxLength = 128;
+buffer.kMaxLength = 64;
 const zlib = require('zlib');
 buffer.kMaxLength = oldkMaxLength;
 

test/parallel/test-zlib-kmaxlength-rangeerror.js

@@ -11,7 +11,7 @@ const assert = require('assert');
 // large Buffers.
 const buffer = require('buffer');
 const oldkMaxLength = buffer.kMaxLength;
-buffer.kMaxLength = 128;
+buffer.kMaxLength = 64;
 const zlib = require('zlib');
 buffer.kMaxLength = oldkMaxLength;
 

test/parallel/test-zlib-maxOutputLength.js

@@ -0,0 +1,24 @@
+'use strict';
+require('../common');
+const assert = require('assert');
+const zlib = require('zlib');
+
+const encoded = Buffer.from('G38A+CXCIrFAIAM=', 'base64');
+
+// Async
+zlib.brotliDecompress(encoded, { maxOutputLength: 64 }, function(err) {
+  assert.ok(err instanceof RangeError);
+});
+
+// Sync
+assert.throws(function() {
+  zlib.brotliDecompressSync(encoded, { maxOutputLength: 64 });
+}, RangeError);
+
+// Async
+zlib.brotliDecompress(encoded, { maxOutputLength: 256 }, function(err) {
+  assert.strictEqual(err, null);
+});
+
+// Sync
+zlib.brotliDecompressSync(encoded, { maxOutputLength: 256 });