From 402a8abc87072794ebbebc70a1fed2cb7cd0bde1 Mon Sep 17 00:00:00 2001 From: Vlad Frangu Date: Thu, 11 Jul 2024 01:06:57 +0300 Subject: [PATCH] fix: CVE-2024-21521 and any future attempts for these --- package-lock.json | 17 ++++++++------ package.json | 2 +- src/node-opus.cc | 57 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 68 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index b0b6e8a..98fedd5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11,7 +11,7 @@ "license": "MIT", "dependencies": { "@discordjs/node-pre-gyp": "^0.4.5", - "node-addon-api": "^5.0.0" + "node-addon-api": "^8.1.0" }, "devDependencies": { "@types/node": "^18.11.2", @@ -4383,9 +4383,12 @@ } }, "node_modules/node-addon-api": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.0.0.tgz", - "integrity": "sha512-CvkDw2OEnme7ybCykJpVcKH+uAOLV2qLqiyla128dN9TkEWfrYmxG6C2boDe5KcNQqZF3orkqzGgOMvZ/JNekA==" + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.1.0.tgz", + "integrity": "sha512-yBY+qqWSv3dWKGODD6OGE6GnTX7Q2r+4+DfpqxHSHh8x0B4EKP9+wVGLS6U/AM1vxSNNmUEuIV5EGhYwPpfOwQ==", + "engines": { + "node": "^18 || ^20 || >= 21" + } }, "node_modules/node-fetch": { "version": "2.6.7", @@ -9269,9 +9272,9 @@ "dev": true }, "node-addon-api": { - "version": "5.0.0", - "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-5.0.0.tgz", - "integrity": "sha512-CvkDw2OEnme7ybCykJpVcKH+uAOLV2qLqiyla128dN9TkEWfrYmxG6C2boDe5KcNQqZF3orkqzGgOMvZ/JNekA==" + "version": "8.1.0", + "resolved": "https://registry.npmjs.org/node-addon-api/-/node-addon-api-8.1.0.tgz", + "integrity": "sha512-yBY+qqWSv3dWKGODD6OGE6GnTX7Q2r+4+DfpqxHSHh8x0B4EKP9+wVGLS6U/AM1vxSNNmUEuIV5EGhYwPpfOwQ==" }, "node-fetch": { "version": "2.6.7", diff --git a/package.json b/package.json index 5bfe5dd..f472293 100644 --- a/package.json +++ b/package.json 
@@ -28,7 +28,7 @@
 },
 "dependencies": {
 "@discordjs/node-pre-gyp": "^0.4.5",
- "node-addon-api": "^5.0.0"
+ "node-addon-api": "^8.1.0"
 },
 "devDependencies": {
 "@types/node": "^18.11.2",
diff --git a/src/node-opus.cc b/src/node-opus.cc
index 15dc5bd..478c2fb 100644
--- a/src/node-opus.cc
+++ b/src/node-opus.cc
@@ -44,6 +44,17 @@ Object OpusEncoder::Init(Napi::Env env, Object exports) {
 OpusEncoder::OpusEncoder(const CallbackInfo& args): ObjectWrap(args) {
 this->encoder = nullptr;
 this->decoder = nullptr;
+
+ if (args.Length() < 2) {
+ Napi::RangeError::New(args.Env(), "Expected 2 arguments").ThrowAsJavaScriptException();
+ return;
+ }
+
+ if (!args[0].IsNumber() || !args[1].IsNumber()) {
+ Napi::TypeError::New(args.Env(), "Expected rate and channels to be numbers").ThrowAsJavaScriptException();
+ return;
+ }
+
 this->rate = args[0].ToNumber().Int32Value();
 this->channels = args[1].ToNumber().Int32Value();
 this->application = OPUS_APPLICATION_AUDIO;
@@ -87,6 +98,11 @@ Napi::Value OpusEncoder::Encode(const CallbackInfo& args) {
 return env.Null();
 }
+ if (args.Length() < 1) {
+ Napi::RangeError::New(env, "Expected 1 argument").ThrowAsJavaScriptException();
+ return env.Null();
+ }
+
 if (!args[0].IsBuffer()) {
 Napi::TypeError::New(env, "Provided input needs to be a buffer").ThrowAsJavaScriptException();
 return env.Null();
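Review bot: Both early returns added to `OpusEncoder::OpusEncoder` leave the object half-built: `rate`, `channels`, `application` and anything assigned further down in the constructor are never set on those paths, and only `encoder` and `decoder` are nulled before the checks. The rest of the constructor and the destructor are outside this hunk, so this needs confirming, but if the destructor frees a buffer that is allocated after these checks it would act on an indeterminate pointer when the wrapper is destroyed after the throw; give every pointer member a `nullptr` value before the first check. Separately, `IsNumber()` is also true for NaN, infinities, negatives and fractions, and `Int32Value()` maps non-finite values to 0, so the converted values still need a range check before use, e.g. `if (this->channels < 1 || this->channels > 2) { /* throw RangeError */ }`. The same gap applies to the `IsNumber()` guards in `ApplyEncoderCTL`, `ApplyDecoderCTL` and `SetBitrate` in the later hunks.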
@@ -102,11 +118,19 @@ Napi::Value OpusEncoder::Encode(const CallbackInfo& args) {
 Buffer actualBuf = Buffer::Copy(env, reinterpret_cast(this->outOpus), compressedLength);
 if (!actualBuf.IsEmpty()) return actualBuf;
+
+ Napi::Error::New(env, "Could not encode the data").ThrowAsJavaScriptException();
+ return env.Null();
 }
 Napi::Value OpusEncoder::Decode(const CallbackInfo& args) {
 Napi::Env env = args.Env();
+ if (args.Length() < 1) {
+ Napi::RangeError::New(env, "Expected 1 argument").ThrowAsJavaScriptException();
+ return env.Null();
+ }
+
 if (!args[0].IsBuffer()) {
 Napi::TypeError::New(env, "Provided input needs to be a buffer").ThrowAsJavaScriptException();
 return env.Null();
@@ -140,11 +164,24 @@ Napi::Value OpusEncoder::Decode(const CallbackInfo& args) {
 Buffer actualBuf = Buffer::Copy(env, reinterpret_cast(this->outPcm), decodedLength);
 if (!actualBuf.IsEmpty()) return actualBuf;
+
+ Napi::Error::New(env, "Could not decode the data").ThrowAsJavaScriptException();
+ return env.Null();
 }
 void OpusEncoder::ApplyEncoderCTL(const CallbackInfo& args) {
 Napi::Env env = args.Env();
+ if (args.Length() < 2) {
+ Napi::RangeError::New(env, "Expected 2 arguments").ThrowAsJavaScriptException();
+ return;
+ }
+
+ if (!args[0].IsNumber() || !args[1].IsNumber()) {
+ Napi::TypeError::New(env, "Expected ctl and value to be numbers").ThrowAsJavaScriptException();
+ return;
+ }
+
 int ctl = args[0].ToNumber().Int32Value();
 int value = args[1].ToNumber().Int32Value();
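Review bot: The new fallback at the end of `Encode` reports failure only after `Buffer::Copy` has already run with `compressedLength`, so an encoder error is detected too late. libopus signals failure with a negative return value, and a negative length passed to the copy would be converted to a very large unsigned size. The lines that compute `compressedLength` are above this hunk, so confirm there is no check there; if there is none, add `if (compressedLength < 0) { Napi::Error::New(env, opus_strerror(compressedLength)).ThrowAsJavaScriptException(); return env.Null(); }` before the copy. The same applies to `decodedLength` and the "Could not decode the data" fallback in the next hunk (`Decode`).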
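Review bot: In `ApplyEncoderCTL` the new guards establish only that `ctl` and `value` are numbers; the request code itself is still chosen entirely by the caller. The call that consumes them is below this hunk, but if both are forwarded to `opus_encoder_ctl`, that function is variadic and not every request code takes an integer argument, so an allow-list of the integer-valued setter requests the binding means to expose belongs between the type check and the call. Record that contract in a comment above the function, e.g. `// ctl must be one of the OPUS_SET_*_REQUEST codes that take an opus_int32 value`. `ApplyDecoderCTL` in the following hunk has the same shape.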
@@ -162,6 +199,16 @@ void OpusEncoder::ApplyEncoderCTL(const CallbackInfo& args) {
 void OpusEncoder::ApplyDecoderCTL(const CallbackInfo& args) {
 Napi::Env env = args.Env();
+ if (args.Length() < 2) {
+ Napi::RangeError::New(env, "Expected 2 arguments").ThrowAsJavaScriptException();
+ return;
+ }
+
+ if (!args[0].IsNumber() || !args[1].IsNumber()) {
+ Napi::TypeError::New(env, "Expected ctl and value to be numbers").ThrowAsJavaScriptException();
+ return;
+ }
+
 int ctl = args[0].ToNumber().Int32Value();
 int value = args[1].ToNumber().Int32Value();
@@ -179,6 +226,16 @@ void OpusEncoder::ApplyDecoderCTL(const CallbackInfo& args) {
 void OpusEncoder::SetBitrate(const CallbackInfo& args) {
 Napi::Env env = args.Env();
+ if (args.Length() < 1) {
+ Napi::RangeError::New(env, "Expected 1 argument").ThrowAsJavaScriptException();
+ return;
+ }
+
+ if (!args[0].IsNumber()) {
+ Napi::TypeError::New(env, "Expected bitrate to be a number").ThrowAsJavaScriptException();
+ return;
+ }
+
 int bitrate = args[0].ToNumber().Int32Value();
 if (this->EnsureEncoder() != OPUS_OK) {
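Review bot: The guard added to `SetBitrate` is another hand-copied instance of the Length/IsNumber pattern that this commit also pastes into the constructor, `ApplyEncoderCTL` and `ApplyDecoderCTL`, which makes it easy for the next binding to carry only one of the two checks. A file-local helper that performs both checks and throws would keep the order and messages consistent and reduce each call site to a single line. `SetBitrate` continues below the hunk, so only its opening is shown.

```cpp
// Throws a JS exception and returns false unless args holds at least `count`
// values and the first `count` of them are all numbers.
static bool ExpectNumbers(const CallbackInfo& args, size_t count, const char* countMessage, const char* typeMessage) {
	if (args.Length() < count) {
		Napi::RangeError::New(args.Env(), countMessage).ThrowAsJavaScriptException();
		return false;
	}

	for (size_t i = 0; i < count; i++) {
		if (!args[i].IsNumber()) {
			Napi::TypeError::New(args.Env(), typeMessage).ThrowAsJavaScriptException();
			return false;
		}
	}

	return true;
}

void OpusEncoder::SetBitrate(const CallbackInfo& args) {
	Napi::Env env = args.Env();

	if (!ExpectNumbers(args, 1, "Expected 1 argument", "Expected bitrate to be a number")) return;

	// … unchanged: bitrate conversion and EnsureEncoder check …
```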