stream: reject SharedArrayBuffer-backed chunks in web compression

Per the Compression Streams spec, chunks must be BufferSource which
excludes SharedArrayBuffer-backed views. Add validation to both
CompressionStream and DecompressionStream that rejects chunks backed
by SharedArrayBuffer with a typed TypeError.

Author: panva

lib/internal/webstreams/compression.js

@@ -1,6 +1,7 @@
 'use strict';
 
 const {
+  FunctionPrototypeCall,
   ObjectDefineProperties,
   SymbolToStringTag,
 } = primordials;
@@ -11,11 +12,22 @@ const {
 
 const { customInspect } = require('internal/webstreams/util');
 
+const {
+  isArrayBufferView,
+  isSharedArrayBuffer,
+} = require('internal/util/types');
+
 const {
   customInspectSymbol: kInspect,
   kEnumerableProperty,
 } = require('internal/util');
 
+const {
+  codes: {
+    ERR_INVALID_ARG_TYPE,
+  },
+} = require('internal/errors');
+
 const { createEnumConverter } = require('internal/webidl');
 
 let zlib;
@@ -24,6 +36,25 @@ function lazyZlib() {
   return zlib;
 }
 
+// Per the Compression Streams spec, chunks must be BufferSource
+// (ArrayBuffer or ArrayBufferView not backed by SharedArrayBuffer).
+// Override the handle's write method to reject shared buffer views
+// synchronously which the web stream adapter's try/catch will
+// propagate as a write rejection.
+function addBufferSourceValidation(handle) {
+  const origWrite = handle.write;
+  handle.write = function(chunk, encoding, cb) {
+    if (isArrayBufferView(chunk) && isSharedArrayBuffer(chunk.buffer)) {
+      throw new ERR_INVALID_ARG_TYPE(
+        'chunk',
+        ['Buffer', 'TypedArray', 'DataView'],
+        chunk,
+      );
+    }
+    return FunctionPrototypeCall(origWrite, this, chunk, encoding, cb);
+  };
+}
+
 const formatConverter = createEnumConverter('CompressionFormat', [
   'deflate',
   'deflate-raw',
@@ -62,6 +93,7 @@ class CompressionStream {
         this.#handle = lazyZlib().createBrotliCompress();
         break;
     }
+    addBufferSourceValidation(this.#handle);
     this.#transform = newReadableWritablePairFromDuplex(this.#handle);
   }
 
@@ -123,6 +155,7 @@ class DecompressionStream {
         });
         break;
     }
+    addBufferSourceValidation(this.#handle);
     this.#transform = newReadableWritablePairFromDuplex(this.#handle);
 
     this.#handle.on('error', (err) => {

test/parallel/test-webstreams-compression-bad-chunks.js

@@ -9,15 +9,27 @@ const { CompressionStream, DecompressionStream } = require('stream/web');
 // on both the write and the read side, instead of hanging.
 
 const badChunks = [
-  { name: 'undefined', value: undefined },
-  { name: 'null', value: null },
-  { name: 'number', value: 3.14 },
-  { name: 'object', value: {} },
-  { name: 'array', value: [65] },
+  { name: 'undefined', value: undefined, code: 'ERR_INVALID_ARG_TYPE' },
+  { name: 'null', value: null, code: 'ERR_STREAM_NULL_VALUES' },
+  { name: 'number', value: 3.14, code: 'ERR_INVALID_ARG_TYPE' },
+  { name: 'object', value: {}, code: 'ERR_INVALID_ARG_TYPE' },
+  { name: 'array', value: [65], code: 'ERR_INVALID_ARG_TYPE' },
+  {
+    name: 'SharedArrayBuffer',
+    value: new SharedArrayBuffer(1),
+    code: 'ERR_INVALID_ARG_TYPE',
+  },
+  {
+    name: 'Uint8Array backed by SharedArrayBuffer',
+    value: new Uint8Array(new SharedArrayBuffer(1)),
+    code: 'ERR_INVALID_ARG_TYPE',
+  },
 ];
 
 for (const format of ['deflate', 'deflate-raw', 'gzip', 'brotli']) {
-  for (const { name, value } of badChunks) {
+  for (const { name, value, code } of badChunks) {
+    const expected = { name: 'TypeError', code };
+
     test(`CompressionStream rejects bad chunk (${name}) for ${format}`, async () => {
       const cs = new CompressionStream(format);
       const writer = cs.writable.getWriter();
@@ -26,8 +38,8 @@ for (const format of ['deflate', 'deflate-raw', 'gzip', 'brotli']) {
       const writePromise = writer.write(value);
       const readPromise = reader.read();
 
-      await assert.rejects(writePromise, { name: 'TypeError' });
-      await assert.rejects(readPromise, { name: 'TypeError' });
+      await assert.rejects(writePromise, expected);
+      await assert.rejects(readPromise, expected);
     });
 
     test(`DecompressionStream rejects bad chunk (${name}) for ${format}`, async () => {
@@ -38,8 +50,8 @@ for (const format of ['deflate', 'deflate-raw', 'gzip', 'brotli']) {
       const writePromise = writer.write(value);
       const readPromise = reader.read();
 
-      await assert.rejects(writePromise, { name: 'TypeError' });
-      await assert.rejects(readPromise, { name: 'TypeError' });
+      await assert.rejects(writePromise, expected);
+      await assert.rejects(readPromise, expected);
     });
   }
 }

test/wpt/status/compression.json

@@ -1,20 +1,7 @@
 {
-  "compression-bad-chunks.any.js": {
-    "fail": {
-      "note": "Node.js accepts SharedArrayBuffer-backed TypedArrays",
-      "expected": [
-        "chunk of type shared Uint8Array should error the stream for deflate",
-        "chunk of type shared Uint8Array should error the stream for deflate-raw",
-        "chunk of type shared Uint8Array should error the stream for gzip",
-        "chunk of type shared Uint8Array should error the stream for brotli"
-      ]
-    }
-  },
   "decompression-bad-chunks.any.js": {
     "fail": {
-      "note": "Node.js accepts SharedArrayBuffer-backed TypedArrays and rejects Error instead of TypeError",
       "expected": [
-        "chunk of type shared Uint8Array should error the stream for brotli",
         "chunk of type invalid deflate bytes should error the stream for brotli",
         "chunk of type invalid gzip bytes should error the stream for brotli"
       ]