fix: skip native write for zero-length callback writeFile#146
Closed
caneraltinbasak wants to merge 2 commits into
Add renderer (nodeIntegration / roHtmlWidget) regression tests for the zero-length callback fs.writeFile() EFAULT fix. Covers empty string and empty Buffer writes, a non-empty write, truncation of an existing file, and a caller-owned fd that must not be closed by fs.writeFile().

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Pull request overview
This PR addresses an Electron-specific failure mode in the callback-based fs.writeFile() path when writing zero-length data under V8 sandboxing, by skipping the underlying native write(2) syscall for length === 0 and completing via the normal success/flush/close path (aligning behavior with fs/promises.writeFile()).
Changes:
- Added a Node patch to short-circuit writeAll() for zero-length writes while preserving the usual completion behavior (optional fsync, close semantics, callback).
- Added renderer regression tests covering empty-string/empty-buffer writes, truncation, non-empty writes, and user-owned file descriptor behavior.
- Registered the new Node patch in patches/node/.patches.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| spec/node-spec.ts | Adds renderer regression coverage for callback fs.writeFile() zero-length writes and fd ownership behavior. |
| patches/node/fs_skip_native_write_for_zero-length_callback_writefile.patch | Updates Node’s writeAll() to skip the native write syscall when length === 0 and reuse a shared completion path. |
| patches/node/.patches | Includes the new patch in the Node patch application list. |
t-bashir-bs approved these changes Jun 26, 2026
Author: This is not the right fix. I've found the root cause of the problem; this was just a workaround.
Description of Change
V8 built with V8_ENABLE_SANDBOX in Chromium: every Buffer's bytes must live inside the V8 memory cage, and pointers are cage-relative. A zero-length buffer has no allocation in the cage, so Buffer::Data() resolves to the cage base / an empty-store sentinel — an address the kernel rejects when it's handed to write(2), even with len == 0.

Plain Node, V8 sandbox off: Buffers come from Node's normal heap allocator; an empty buffer yields an ordinary valid pointer, so write(fd, ptr, 0) is a harmless no-op → returns 0.

Callback fs.writeFile()/writeAll() always issued a native fs.write(fd, buffer, 0, 0, ...) syscall even when the data was empty. On the Electron-based roHtmlWidget Node integration that zero-length write returns "EFAULT: bad address in system call argument, write", whereas it succeeds under the standalone roNodeJs runtime and under fs/promises.writeFile().

Add a zero-length guard to writeAll() that skips the syscall and runs the normal completion path (optional fsync, close the fd only when writeFile() opened it, invoke callback(null)), matching the early return already present in fs/promises.writeFile(). Non-empty writes, validation, abort/signal handling and caller-owned fd semantics are unchanged.
Checklist
- npm test passes

Release Notes
Notes: Fixed an error (EFAULT) when the Electron render process writes a file with zero length using fs.writeFile()