tty: validate file descriptor to avoid int32 overflow

aduh95 · ruyadorno · commit 3452618905ee · 2021-03-23T21:25:29.000-04:00
Fixes: #37805 PR-URL: #37809 Reviewed-By: James M Snell <jasnell@gmail.com> Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de> Reviewed-By: Luigi Pinca <luigipinca@gmail.com> Reviewed-By: Darshan Sen <raisinten@gmail.com>
diff --git a/lib/tty.js b/lib/tty.js
@@ -40,7 +40,8 @@ const {
 let readline;
 
 function isatty(fd) {
-  return NumberIsInteger(fd) && fd >= 0 && isTTY(fd);
+  return NumberIsInteger(fd) && fd >= 0 && fd <= 2147483647 &&
+         isTTY(fd);
 }
 
 function ReadStream(fd, options) {
diff --git a/test/pseudo-tty/test-tty-isatty.js b/test/pseudo-tty/test-tty-isatty.js
@@ -10,6 +10,7 @@ strictEqual(isatty(2), true, 'stderr reported to not be a tty, but it is');
 
 strictEqual(isatty(-1), false, '-1 reported to be a tty, but it is not');
 strictEqual(isatty(55555), false, '55555 reported to be a tty, but it is not');
+strictEqual(isatty(2 ** 31), false, '2^31 reported to be a tty, but it is not');
 strictEqual(isatty(1.1), false, '1.1 reported to be a tty, but it is not');
 strictEqual(isatty('1'), false, '\'1\' reported to be a tty, but it is not');
 strictEqual(isatty({}), false, '{} reported to be a tty, but it is not');

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,8 @@ const {`
`40`	`40`	`let readline;`
`41`	`41`
`42`	`42`	`function isatty(fd) {`
`43`		`- return NumberIsInteger(fd) && fd >= 0 && isTTY(fd);`
	`43`	`+ return NumberIsInteger(fd) && fd >= 0 && fd <= 2147483647 &&`
	`44`	`+ isTTY(fd);`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`function ReadStream(fd, options) {`