diff --git a/src/string_bytes.cc b/src/string_bytes.cc index b3c0a90b548c70..2f48bc267b7463 100644 --- a/src/string_bytes.cc +++ b/src/string_bytes.cc @@ -244,6 +244,13 @@ static inline unsigned unhex(uint8_t x) { return unhex_table[x]; } +static size_t keep_buflen_in_range(size_t len) { + if (len > static_cast(std::numeric_limits::max())) { + return static_cast(std::numeric_limits::max()); + } + return len; +} + template static size_t hex_decode(char* buf, size_t len, @@ -306,7 +313,7 @@ size_t StringBytes::Write(Isolate* isolate, enum encoding encoding) { HandleScope scope(isolate); size_t nbytes; - + buflen = keep_buflen_in_range(buflen); CHECK(val->IsString() == true); Local str = val.As(); @@ -579,6 +586,7 @@ MaybeLocal StringBytes::Encode(Isolate* isolate, } case ASCII: + buflen = keep_buflen_in_range(buflen); if (simdutf::validate_ascii_with_errors(buf, buflen).error) { // The input contains non-ASCII bytes. char* out = node::UncheckedMalloc(buflen); @@ -592,23 +600,23 @@ MaybeLocal StringBytes::Encode(Isolate* isolate, return ExternOneByteString::NewFromCopy(isolate, buf, buflen, error); } - case UTF8: - { - val = String::NewFromUtf8(isolate, - buf, - v8::NewStringType::kNormal, - buflen); - Local str; - if (!val.ToLocal(&str)) { - *error = node::ERR_STRING_TOO_LONG(isolate); - } - return str; + case UTF8: { + buflen = keep_buflen_in_range(buflen); + val = + String::NewFromUtf8(isolate, buf, v8::NewStringType::kNormal, buflen); + Local str; + if (!val.ToLocal(&str)) { + *error = node::ERR_STRING_TOO_LONG(isolate); } + return str; + } case LATIN1: + buflen = keep_buflen_in_range(buflen); return ExternOneByteString::NewFromCopy(isolate, buf, buflen, error); case BASE64: { + buflen = keep_buflen_in_range(buflen); size_t dlen = base64_encoded_size(buflen); char* dst = node::UncheckedMalloc(dlen); if (dst == nullptr) { @@ -623,6 +631,7 @@ MaybeLocal StringBytes::Encode(Isolate* isolate, } case BASE64URL: { + buflen = keep_buflen_in_range(buflen); size_t dlen = base64_encoded_size(buflen, Base64Mode::URL); char* dst = node::UncheckedMalloc(dlen); if (dst == nullptr) { @@ -637,6 +646,7 @@ MaybeLocal StringBytes::Encode(Isolate* isolate, } case HEX: { + buflen = keep_buflen_in_range(buflen); size_t dlen = buflen * 2; char* dst = node::UncheckedMalloc(dlen); if (dst == nullptr) { @@ -650,6 +660,7 @@ MaybeLocal StringBytes::Encode(Isolate* isolate, } case UCS2: { + buflen = keep_buflen_in_range(buflen); size_t str_len = buflen / 2; if (IsBigEndian()) { uint16_t* dst = node::UncheckedMalloc(str_len); diff --git a/test/pummel/test-buffer-large-size.js b/test/pummel/test-buffer-large-size.js new file mode 100644 index 00000000000000..a2e82a45fa2af1 --- /dev/null +++ b/test/pummel/test-buffer-large-size.js @@ -0,0 +1,47 @@ +'use strict'; +const common = require('../common'); + +// Test Buffer size larger than integer range +const assert = require('assert'); +const { + SlowBuffer, +} = require('buffer'); +const kStringMaxLength = require('buffer').constants.MAX_STRING_LENGTH; + +const stringTooLongError = { + message: `Cannot create a string longer than 0x${kStringMaxLength.toString(16)}` + + ' characters', + code: 'ERR_STRING_TOO_LONG', + name: 'Error', +}; + +const size = 2 ** 31; + +// Test Buffer.toString +{ + try { + assert.throws(() => SlowBuffer(size).toString('utf8'), stringTooLongError); + assert.throws(() => Buffer.alloc(size).toString('utf8'), stringTooLongError); + assert.throws(() => Buffer.allocUnsafe(size).toString('utf8'), stringTooLongError); + assert.throws(() => Buffer.allocUnsafeSlow(size).toString('utf8'), stringTooLongError); + } catch (e) { + if (e.code !== 'ERR_MEMORY_ALLOCATION_FAILED') { + throw e; + } + common.skip('insufficient space for Buffer.alloc'); + } +} + +// Test Buffer.write +{ + try { + const buf = Buffer.alloc(size); + assert.strictEqual(buf.write('a', 2, kStringMaxLength), 1); + assert.strictEqual(buf.write('a', 2, size), 1); + } catch (e) { + if (e.code !== 'ERR_MEMORY_ALLOCATION_FAILED') { + throw e; + } + common.skip('insufficient space for Buffer.alloc'); + } +}