Permalink
Browse files

buffer: throw when filling with empty buffers

Prior to this commit, Node would enter an infinite loop when
attempting to fill a non-zero length buffer with a zero length
buffer. This commit introduces a thrown exception in this scenario.

PR-URL: #18129
Fixes: #18128
Reviewed-By: Richard Lau <riclau@uk.ibm.com>
Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
  • Loading branch information...
cjihrig committed Jan 13, 2018
1 parent db9c556 commit 1e802539b2811f5090281cfc8041f21120c2c3c6
Showing with 22 additions and 7 deletions.
  1. +8 −0 doc/api/buffer.md
  2. +7 −7 src/node_buffer.cc
  3. +7 −0 test/parallel/test-buffer-alloc.js
@@ -519,6 +519,10 @@ changes:
pr-url: https://github.com/nodejs/node/pull/17427
description: Specifying an invalid string for `fill` triggers a thrown
exception.
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/18129
description: Attempting to fill a non-zero length buffer with a zero length
buffer triggers a thrown exception.
-->
* `size` {integer} The desired length of the new `Buffer`.
@@ -1231,6 +1235,10 @@ changes:
pr-url: https://github.com/nodejs/node/pull/17427
description: Specifying an invalid string for `value` triggers a thrown
exception.
- version: REPLACEME
pr-url: https://github.com/nodejs/node/pull/18129
description: Attempting to fill a non-zero length buffer with a zero length
buffer triggers a thrown exception.
-->
* `value` {string|Buffer|integer} The value to fill `buf` with.
@@ -642,20 +642,20 @@ void Fill(const FunctionCallbackInfo<Value>& args) {
str_obj,
enc,
nullptr);
// This check is also needed in case Write() returns that no bytes could
// be written. If no bytes could be written, then return -1 because the
// string is invalid. This will trigger a throw in JavaScript. Silently
// failing should be avoided because it can lead to buffers with unexpected
// contents.
if (str_length == 0)
return args.GetReturnValue().Set(-1);
}
start_fill:
if (str_length >= fill_length)
return;
// If str_length is zero, then either an empty buffer was provided, or Write()
// indicated that no bytes could be written. If no bytes could be written,
// then return -1 because the fill value is invalid. This will trigger a throw
// in JavaScript. Silently failing should be avoided because it can lead to
// buffers with unexpected contents.
if (str_length == 0)
return args.GetReturnValue().Set(-1);
size_t in_there = str_length;
char* ptr = ts_obj_data + start + str_length;
@@ -1024,3 +1024,10 @@ common.expectsError(() => {
code: 'ERR_INVALID_ARG_VALUE',
type: TypeError
});
common.expectsError(() => {
Buffer.alloc(1, Buffer.alloc(0));
}, {
code: 'ERR_INVALID_ARG_VALUE',
type: TypeError
});

0 comments on commit 1e80253

Please sign in to comment.