Skip to content

http: fix use-after-free in onHandshake when checkServerIdentity rejects (u9sf0l)#29829

Merged
Jarred-Sumner merged 4 commits into
mainfrom
farm/96b6f3ed/https-checkserveridentity-uaf
Apr 28, 2026
Merged

http: fix use-after-free in onHandshake when checkServerIdentity rejects (u9sf0l)#29829
Jarred-Sumner merged 4 commits into
mainfrom
farm/96b6f3ed/https-checkserveridentity-uaf

Merge branch 'main' into farm/96b6f3ed/https-checkserveridentity-uaf

6463c7c
Select commit
Loading
Failed to load commit list.
Claude / Claude Code Review completed Apr 28, 2026 in 15m 20s

Code review found 1 potential issue

Found 5 candidates, confirmed 1. See review comments for details.

Details

Severity Count
🔴 Important 0
🟡 Nit 1
🟣 Pre-existing 0
Severity File:Line Issue
🟡 Nit test/js/node/http/node-https-checkServerIdentity.test.ts:27 Use describe.concurrent for independent subprocess tests

Annotations

Check warning on line 27 in test/js/node/http/node-https-checkServerIdentity.test.ts

See this annotation in the file changed.

@claude claude / Claude Code Review

Use describe.concurrent for independent subprocess tests 

nit: per `test/CLAUDE.md`, tests that each spawn an independent subprocess should use `describe.concurrent`. All four tests here spawn isolated `bunExe()` children with `port: 0` and no shared state, so this block can be `describe.concurrent("https.request checkServerIdentity", …)` to run them in parallel.
View more details on Claude