From 82a60285bde2f626dec65e0e6d56136a4bb3a838 Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Thu, 30 Mar 2017 20:08:17 -0700
Subject: [PATCH 1/3] buffer: zero fill Buffer(num) by default
---
 lib/buffer.js | 2 +-
 test/parallel/test-buffer-zero-fill.js | 16 ++++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 test/parallel/test-buffer-zero-fill.js
diff --git a/lib/buffer.js b/lib/buffer.js
index 1c686f36c61ea0..b9c6c01425df77 100644
--- a/lib/buffer.js
+++ b/lib/buffer.js
@@ -102,7 +102,7 @@ function Buffer(arg, encodingOrOffset, length) {
 'If encoding is specified then the first argument must be a string'
 );
 }
- return Buffer.allocUnsafe(arg);
+ return Buffer.alloc(arg);
 }
 return Buffer.from(arg, encodingOrOffset, length);
 }
diff --git a/test/parallel/test-buffer-zero-fill.js b/test/parallel/test-buffer-zero-fill.js
new file mode 100644
index 00000000000000..916e38f06a2330
--- /dev/null
+++ b/test/parallel/test-buffer-zero-fill.js
@@ -0,0 +1,16 @@
+'use strict';
+
+require('../common');
+const assert = require('assert');
+const Buffer = require('buffer').Buffer;
+
+const buf1 = Buffer(100);
+const buf2 = new Buffer(100);
+
+let n = 0;
+
+for (n = 0; n < buf1.length; n++)
+ assert.strictEqual(buf1[n], 0);
+
+for (n = 0; n < buf2.length; n++)
+ assert.strictEqual(buf2[n], 0);
From 283fb1b279d74f09fdff1b7a01e1402eb3fcf95f Mon Sep 17 00:00:00 2001
From: James M Snell
Date: Thu, 30 Mar 2017 20:22:01 -0700
Subject: [PATCH 2/3] doc: update the buffer.md to reflect change to zero-fill
---
 doc/api/buffer.md | 36 +++++++++++++++++++-----------------
 1 file changed, 19 insertions(+), 17 deletions(-)
diff --git a/doc/api/buffer.md b/doc/api/buffer.md
index 6f84a31d0f94d3..ea6c84b3da5ba4 100644
--- a/doc/api/buffer.md
+++ b/doc/api/buffer.md
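Review bot: The new `return Buffer.alloc(arg);` in lib/buffer.js carries no comment saying that the zero-fill is deliberate, so a later performance cleanup could quietly restore `Buffer.allocUnsafe(arg)` and with it the disclosure of stale memory contents through `Buffer(num)`. I would add above it `// Zero-fill on purpose: Buffer(num) must not expose uninitialized memory; callers who want the fast path call Buffer.allocUnsafe() themselves.` The body of `Buffer()` starts before the hunk, so the type check that leads into this branch is not visible here.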
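Review bot: The two loops in test/parallel/test-buffer-zero-fill.js inspect only a single 100-byte allocation each, and freshly obtained memory is often zero already, so this test may well pass even with the old `Buffer.allocUnsafe(arg)` still in place. A regression test for an information-disclosure fix is stronger if it first writes non-zero bytes into throwaway unsafe allocations and then checks several sizes, pooled and non-pooled, over a number of iterations; that cannot guarantee that dirty memory is reused, but it makes a regression far more likely to be caught. A sketch follows, which also replaces the shared `let n` counter with block-scoped loops.

```javascript
// … unchanged: 'use strict' and the three require lines …

// Cover pooled and non-pooled sizes, and dirty some memory first so that
// reused, previously written bytes can show up if zero-filling regresses.
for (const size of [1, 100, Buffer.poolSize, Buffer.poolSize * 2]) {
  for (let i = 0; i < 100; i++) {
    Buffer.allocUnsafe(size).fill(0xff);
    for (const buf of [Buffer(size), new Buffer(size)]) {
      assert.strictEqual(buf.length, size);
      assert.ok(buf.every((byte) => byte === 0));
    }
  }
}
```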
@@ -52,13 +52,16 @@ In versions of Node.js prior to v6, `Buffer` instances were created using the differently based on what arguments are provided: * Passing a number as the first argument to `Buffer()` (e.g. `new Buffer(10)`), - allocates a new `Buffer` object of the specified size. The memory allocated - for such `Buffer` instances is *not* initialized and *can contain sensitive - data*. Such `Buffer` instances *must* be initialized *manually* by using either - [`buf.fill(0)`][`buf.fill()`] or by writing to the `Buffer` completely. While - this behavior is *intentional* to improve performance, development experience - has demonstrated that a more explicit distinction is required between creating - a fast-but-uninitialized `Buffer` versus creating a slower-but-safer `Buffer`. + allocates a new `Buffer` object of the specified size. Prior to Node.js 8.0.0, + the memory allocated for such `Buffer` instances is *not* initialized and + *can contain sensitive data*. Such `Buffer` instances *must* be initialized + *manually* by using either [`buf.fill(0)`][`buf.fill()`] or by writing to the + `Buffer` completely. While this behavior is *intentional* to improve + performance, development experience has demonstrated that a more explicit + distinction is required between creating a fast-but-uninitialized `Buffer` + versus creating a slower-but-safer `Buffer`. Starting in Node.js 8.0.0, + `Buffer(num)` and `new Buffer(num)` will return a `Buffer` with initialized + memory. * Passing a string, array, or `Buffer` as the first argument copies the passed object's data into the `Buffer`. * Passing an [`ArrayBuffer`] returns a `Buffer` that shares allocated memory with @@ -427,6 +430,9 @@ console.log(buf2.toString());