
buffers: handle bad length argument in constructor

Coerce fractional, negative and non-numeric length arguments to numbers.
Fractional numbers are rounded up, negative numbers and non-numeric values
are set to zero.
1 parent 43cb4ec commit aebf2d85e88bf823b1cd90d276011b45298cb222 @bnoordhuis committed Sep 24, 2011
Showing with 25 additions and 3 deletions.
  1. +12 −3 lib/buffer.js
  2. +13 −0 test/simple/test-buffer.js
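--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -196,6 +196,15 @@ SlowBuffer.prototype.slice = function(start, end) {
 };
+function coerce(length) {
+ // Coerce length to a number (possibly NaN), round up
+ // in case it's fractional (e.g. 123.456) then do a
+ // double negate to coerce a NaN to 0. Easy, right?
+ length = ~~Math.ceil(+length);
+ return length < 0 ? 0 : length;
+}
+
+
 // Buffer
 function Buffer(subject, encoding, offset) {
@@ -207,22 +216,22 @@ function Buffer(subject, encoding, offset) {
 // Are we slicing?
 if (typeof offset === 'number') {
- this.length = encoding;
+ this.length = coerce(encoding);
 this.parent = subject;
 this.offset = offset;
 } else {
 // Find the length
 switch (type = typeof subject) {
 case 'number':
- this.length = subject;
+ this.length = coerce(subject);
 break;
 case 'string':
 this.length = Buffer.byteLength(subject, encoding);
 break;
 case 'object': // Assume object is an array
- this.length = subject.length;
+ this.length = coerce(subject.length);
 break;
 default: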
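Review bot: The `~~` in `coerce()` converts through a signed 32-bit integer, so a length of 2^31 or more wraps instead of being rejected: 2^32 + 5 would become 5 and 2^31 would turn negative and be clamped to 0, handing the caller a far smaller buffer than requested with no error. Dropping the bitwise step keeps the NaN and negative handling without the wrap, e.g. `length = Math.ceil(+length);` followed by `return length > 0 ? length : 0;`, which leaves oversized values to whatever size check the allocation path performs (not visible in this hunk). The comment should also say "double bitwise NOT" rather than "double negate", since the int32 truncation is the part a reader needs to know about. In the slicing branch the length is now rounded up, so a fractional length becomes one byte longer than the caller passed; no check of `offset + length` against the parent's length is visible here, and `Buffer`'s body continues outside the hunk, so that is worth confirming.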
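--- a/test/simple/test-buffer.js
+++ b/test/simple/test-buffer.js
@@ -689,3 +689,16 @@ buf.write('123456', 'base64');
 assert.equal(Buffer._charsWritten, 6);
 buf.write('00010203040506070809', 'hex');
 assert.equal(Buffer._charsWritten, 18);
+
+// Check for fractional length args, junk length args, etc.
+// https://github.com/joyent/node/issues/1758
+Buffer(3.3).toString(); // throws bad argument error in commit 43cb4ec
+assert.equal(Buffer(-1).length, 0);
+assert.equal(Buffer(NaN).length, 0);
+assert.equal(Buffer(3.3).length, 4);
+assert.equal(Buffer({length:3.3}).length, 4);
+assert.equal(Buffer({length:"BAM"}).length, 0);
+
+// Make sure that strings are not coerced to numbers.
+assert.equal(Buffer("99").length, 2);
+assert.equal(Buffer("13.37").length, 5);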
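Review bot: None of the added assertions exercise the slicing form of the constructor (a numeric `offset`), which this commit also routes through `coerce()`, nor a length at or above 2^31, where the 32-bit conversion in `coerce()` changes the value. One assertion for each case, with the result the project decides is correct, would pin that behaviour. A short comment such as `// lengths >= 2^31: document whether these throw or clamp` next to it would record the decision for later readers.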
