From 7614ab4f41facfd8ae297896450f938b429f204a Mon Sep 17 00:00:00 2001 From: Mike Kostersitz Date: Fri, 31 Oct 2025 19:18:11 -0700 Subject: [PATCH] Updating for CVE-2024-21526 removing asserts and using napi_throw_type_error instead if non int is part of arg[0] --- src/binding.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/src/binding.c b/src/binding.c index 721f85a..a3d5ba1 100644 --- a/src/binding.c +++ b/src/binding.c @@ -45,11 +45,26 @@ napi_value speaker_open(napi_env env, napi_callback_info info) { memset(speaker, 0, sizeof(Speaker)); audio_output_t *ao = &speaker->ao; - assert(napi_get_value_int32(env, args[0], &ao->channels) == napi_ok); /* channels */ + // assert(napi_get_value_int32(env, args[0], &ao->channels) == napi_ok); /* channels */ + int32_t channels; + napi_status status = napi_get_value_int32(env, args[0], &channels); + if (status != napi_ok) { + napi_throw_type_error(env, NULL, "First argument must be an integer (channels)"); + return NULL; + } +ao->channels = channels; int32_t _rate; - assert(napi_get_value_int32(env, args[1], &_rate) == napi_ok); /* sample rate */ + status = napi_get_value_int32(env, args[1], &_rate); + if (status != napi_ok) { + napi_throw_type_error(env, NULL, "Second argument must be an integer (sample rate)"); + return NULL; + } ao->rate = _rate; - assert(napi_get_value_int32(env, args[2], &ao->format) == napi_ok); /* MPG123_ENC_* format */ + status = napi_get_value_int32(env, args[2], &ao->format); + if (status != napi_ok) { + napi_throw_type_error(env, NULL, "Third argument must be an integer (format)"); + return NULL; + } if (is_string(env, args[3])) { size_t device_string_size;