Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Commit 08a3f29

Browse filesBrowse files
Matt Loringrvagg
Matt Loring
authored and
rvagg
committed
buffer: fix range checking for slowToString
If `start` is not a valid number in the range, then the default value zero will be used. Same way, if `end` is not a valid number in the accepted range, then, by default, the length of the buffer is assumed. Fixes: #2668 Ref: #2919 PR-URL: #4019 Reviewed-By: Trevor Norris <trev.norris@gmail.com>
1 parent 8a5e434 commit 08a3f29
Copy full SHA for 08a3f29

File tree

Expand file treeCollapse file tree

2 files changed

+27
-6
lines changed
Open diff view settings
Filter options
Expand file treeCollapse file tree

2 files changed

+27
-6
lines changed
Open diff view settings
Collapse file

‎lib/buffer.js‎

Copy file name to clipboardExpand all lines: lib/buffer.js
+26-5Lines changed: 26 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -327,13 +327,34 @@ Object.defineProperty(Buffer.prototype, 'offset', {
327327
function slowToString(encoding, start, end) {
328328
var loweredCase = false;
329329

330-
start = start >>> 0;
331-
end = end === undefined || end === Infinity ? this.length : end >>> 0;
330+
// No need to verify that "this.length <= MAX_UINT32" since it's a read-only
331+
// property of a typed array.
332+
333+
// This behaves neither like String nor Uint8Array in that we set start/end
334+
// to their upper/lower bounds if the value passed is out of range.
335+
// undefined is handled specially as per ECMA-262 6th Edition,
336+
// Section 13.3.3.7 Runtime Semantics: KeyedBindingInitialization.
337+
if (start === undefined || start < 0)
338+
start = 0;
339+
// Return early if start > this.length. Done here to prevent potential uint32
340+
// coercion fail below.
341+
if (start > this.length)
342+
return '';
343+
344+
if (end === undefined || end > this.length)
345+
end = this.length;
346+
347+
if (end <= 0)
348+
return '';
349+
350+
// Force coersion to uint32. This will also coerce falsey/NaN values to 0.
351+
end >>>= 0;
352+
start >>>= 0;
353+
354+
if (end <= start)
355+
return '';
332356

333357
if (!encoding) encoding = 'utf8';
334-
if (start < 0) start = 0;
335-
if (end > this.length) end = this.length;
336-
if (end <= start) return '';
337358

338359
while (true) {
339360
switch (encoding) {
Collapse file

‎src/node_internals.h‎

Copy file name to clipboardExpand all lines: src/node_internals.h
+1-1Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -172,7 +172,7 @@ inline MUST_USE_RESULT bool ParseArrayIndex(v8::Local<v8::Value> arg,
172172
return true;
173173
}
174174

175-
int32_t tmp_i = arg->Int32Value();
175+
int32_t tmp_i = arg->Uint32Value();
176176

177177
if (tmp_i < 0)
178178
return false;

0 commit comments

Comments
0 (0)
Morty Proxy This is a proxified and sanitized view of the page, visit original site.