Decrypting some cookies results in RangeError

[eloquence]

On decrypting cookies set by one particular site (Goodreads.com), I got the following error:

RangeError: out of range index
at RangeError (native)
at decrypt (node_modules/chrome-cookies-secure/index.js:59:8)
at Statement.db.each.host (node_modules/chrome-cookies-secure/index.js:268:21)

The offending line 59 is final.copy(decoded, decoded.length - 1);. Changing it to final.copy(decoded, decoded.length ? decoded.length - 1 : 0); (no longer assuming that the target buffer contains data) fixed the issue for me, though I don't know if that's the best solution.

[bertrandom]

Are these the basic login cookies? Will test soon when I get a chance!

[eloquence]

Yep, this happened with the Goodreads login & standard site cookies, logging in via Facebook. Thanks for taking a look!

[rubengmurray]

This is a very old issue, but I see that the final.copy(decoded, decoded.length - 1) is still the same in the code base.

Here:

chrome-cookies-secure/index.js

Line 42 in 8eeca6d

final.copy(decoded, decoded.length - 1);

It's a long-shot, but do you still have the code that can replicate this? If the buffer contains no data then I presume it's a bad entry, and all you were trying to do was skip it so that it didn't blow up everything else?

That feels like a reasonable approach, and I can't see much downside with it.

We could probably log out a warning too if this happens.