fs: validate position argument before length === 0 early return by geeksilva97 · Pull Request #62674 · nodejs/node
Cosmic-Game-studios pushed a commit to Cosmic-Game-studios/node that referenced this pull request
fs.read() and fs.readSync() validate the `position` argument via validatePosition() (tightened in commit ed05549). The symmetric write path was never updated: fs.write(), fs.writeSync() and fsPromises.FileHandle.write() silently coerced any non-number `position` (strings, objects, booleans, NaN, out-of-range numbers, out-of-range bigints) to `null`, which means "use the current file offset". Impact: callers relying on an ERR_OUT_OF_RANGE / ERR_INVALID_ARG_TYPE throw to reject malformed inputs instead silently got a stream-mode write at the current file offset — bypassing validation and potentially overwriting file content the caller thought it had refused. Inconsistent between read and write is a direct input- validation failure that is trivially triggerable from userland: fs.writeSync(fd, Buffer.from('PWN'), 0, 3, -2); // accepted fs.writeSync(fd, Buffer.from('PWN'), 0, 3, 'str'); // accepted fs.writeSync(fd, Buffer.from('PWN'), 0, 3, { not: 'num' }); // accepted Mirror the read-side validation in all three write entry points, add a regression test covering positional-arg, options-object and mutation-guarded-options-object invocations for sync, async and promise variants. Refs: nodejs#62674